AMENDMENTS TO THE DRAWINGS 
Replacement formal drawings of Figures 1-18 are submitted concurrently 
herewith under a separate cover letter. 
REMARKS

By this Amendment, claims 1-16 and 18-19 are amended, and claims 20-22 are 
added. Claim 17 remains in the application. Thus, claims 1-22 are active in the 
application. Reexamination and reconsideration of the application are respectfully 
requested. 

The specification and abstract have been carefully reviewed and revised in order 
to correct grammatical and idiomatic errors in order to aid the Examiner in further 
consideration of the application. The amendments to the specification and abstract are 
incorporated in the attached substitute specification and abstract. No new matter has 
been added.

Also attached hereto is a marked-up version of the substitute specification and 
abstract illustrating the changes made to the original specification and abstract. 

The Applicants note that the Examiner failed to acknowledge, in item 12 on the 
Office Action Summary form, the Applicants' claim of foreign priority based on Japanese 
Patent Application 2000-391938, filed December 25, 2000, and the receipt of the certified 
copy of the foreign priority document. A Claim of Priority and the certified copy of the 
foreign priority document were filed with the present application on December 18, 2001. 
Accordingly, the Applicants respectfully request the Examiner to acknowledge the 
Applicants' claim of foreign priority and the receipt of the certified copy of the foreign 
priority document. 

On page 2 of the Office Action, the Examiner required that Figure 1 be labeled as 
"Prior Art" because Figure 1 illustrates the conventional processing for a packet that 
requires both encryption processing and authentication processing. Accordingly, 
replacement formal drawings of Figures 1-18 are submitted concurrently herewith under 
a separate cover letter in order to label Figure 1 as "Prior Art." Approval of the 
replacement formal drawings is respectfully requested. 

On page 2 of the Office Action, claims 1-2, 6, 11, 13 and 15 were rejected under
35 U.S.C. § 112, second paragraph, as being indefinite for failing to particularly point out
and distinctly claim the subject matter which the Applicants regard as the invention. In
particular, the Examiner identified various limitations in these claims which lacked
proper antecedent basis. Claims 1-2, 6, 11, 13 and 15 have been revised to provide
proper antecedent basis for all of the limitations recited therein. For instance, the
Applicants note that the preamble of claim 1 has been revised to recite a security 
communication packet processing apparatus that performs at least one of encryption 
process, decryption processing and authentication processing to "an inputted packet." In 
view of this revision to the preamble of claim 1, the limitation "the inputted packet" in 
the recitation of the control unit clearly has proper antecedent basis. Claims 2, 6, 11, 13
and 15 have also been revised by using the article "a" or "an" instead of the article "the"
before limitations that were not previously recited in a preceding claim. In view of the 
amendments to claims 1-2, 6, 11, 13 and 15, the Applicants respectfully submit that these 
claims are clearly definite by particularly pointing out and distinctly claiming the subject 
matter which the Applicants regard as the invention. Therefore, the Applicants 
respectfully request the Examiner to withdraw the rejection of claims 1-2, 6, 11, 13 and
15 under 35 U.S.C. § 112, second paragraph.

On page 3 of the Office Action, claims 1-2, 5-6, 9, 13 and 17-20 were rejected 
under 35 U.S.C. § 102(e) as being anticipated by Mathews (U.S. Patent Application 
Publication No. 2002/0078342). This rejection is respectfully traversed for the following 
reasons. 

The present invention provides a security communication packet processing
apparatus and method that, relative to conventional systems, makes it possible to speed
up processing, reduce processing delay and increase throughput for a packet which
requires authentication processing after encryption processing (where the
authentication value itself does not need to be encrypted).

In the following description of the present invention, specific numerical values are
used to aid the Examiner in understanding the invention and the marked differences
between the present invention and the applied references. However, the specific
numerical values used herein are merely examples, and the present invention is not to be
interpreted as being limited thereto.

As mentioned above, a significant feature of the present invention is the
processing of a packet which requires authentication processing after encryption
processing. In conventional systems, pipeline processing is performed per packet, i.e.,
packet by packet. Therefore, a buffer of a maximum packet size of 1,500 bytes, for
example, is necessary for storing data which requires authentication processing after
encryption processing.

However, according to the present invention, a data size which is required for 
authentication processing, such as 64 bytes, is an integral multiple of a data size which is 
required for encryption processing, such as 8 bytes, and is significantly smaller than the 
maximum packet size (1,500 bytes). Therefore, pipeline processing per data block of the 
present invention, instead of the conventional pipeline processing per packet, allows for a 
reduction of the buffer size to only 64 bytes for storing data which requires authentication 
processing after encryption processing. 

Therefore, according to the present invention, it is possible to achieve high-speed
pipeline processing for encryption processing and authentication processing with a
buffer size of only 1/25th of the conventional buffer size.

The data path diagram 111 of Figure 3 illustrates the processing procedure of data
blocks of a packet which requires authentication processing after encryption processing.
As described beginning at line 31 on page 17 of the original specification (beginning at
line 25 on page 18 of the substitute specification), a packet that requires both encryption
processing and authentication processing is inputted to the security communication
packet processing apparatus and is received by an encryption processing and
authentication processing control unit (referred to as "control unit" in the claims). The
control unit divides the packet into data blocks for the encryption processing, and
sequentially transmits the data blocks along with processing information thereof to an
encryption processing unit. The encryption processing unit encrypts the data blocks
according to an appropriate processing method based on the processing information.

The encrypted data blocks are outputted to a packet construction unit, and at the
same time, are outputted to a data block accumulation unit. The data block accumulation
unit successively accumulates the encrypted data blocks outputted from the encryption
processing unit until the accumulated encrypted data blocks reach the data block size that
is necessary for the authentication processing. Accordingly, the data block accumulation
unit acts as a buffer by accumulating the encrypted data blocks until the amount of the
accumulated data blocks reaches the data block size that is necessary for the subsequent
authentication processing. When the accumulated encrypted data blocks reach the data
block size (e.g., 64 bytes) that is necessary for the authentication processing, the data
block accumulation unit outputs the accumulated data blocks and the processing
information thereof to an authentication processing unit.

The authentication processing unit receives the accumulated encrypted data
blocks and the processing information thereof, performs authentication processing on the
encrypted data blocks according to the processing information, and calculates an
authentication value. The authentication processing unit then outputs the authentication
value to the packet construction unit, which has already received the encrypted data blocks
outputted from the encryption processing unit.

The packet construction unit then constructs (reconstructs) an encrypted and
authentication-processed packet corresponding to one packet that is inputted to the
control unit by accumulating the encrypted data blocks outputted from the encryption
processing unit, and incorporating the authentication value outputted from the
authentication processing unit. See data path diagram 111 of Figure 3 for a pictorial
explanation of the above-described operation.

Accordingly, for a packet that requires both encryption processing and
authentication processing, the present invention provides that the authentication value
does not need to be encrypted. As described below, this differs from the manner in which
Mathews' parallel processing handles a packet that requires both encryption processing
and authentication processing, where the authentication value is fed back to be encrypted.

Furthermore, the present invention includes a data block accumulating unit (i.e., a
buffer) between the encryption processing unit and the authentication processing unit.
The size which is required for this buffer can be reduced to the data block size that is
necessary for performing the authentication processing.

Independent claims 1 and 18 each recite these novel features of the present
invention. In particular, claim 1 recites the security communication packet processing
apparatus as comprising at least one encryption processing unit operable to perform the
encryption processing and the decryption processing in a data block unit of B1 bits.
Further, claim 1 recites the security communication packet processing apparatus as
comprising at least one data block accumulation unit operable to accumulate the data
blocks to which the encryption processing has been performed by the at least one
encryption processing unit, and, when the amount of accumulated data blocks reaches B2
bits (B2 = n × B1), output the data blocks to at least one authentication processing unit.
The security communication packet processing apparatus of claim 1 is also recited as
comprising the at least one authentication processing unit operable to perform the
authentication processing in a data block unit of B2 bits in parallel to the encryption
processing or the decryption processing performed by the at least one encryption
processing unit, and output an authentication value indicating the result of the
authentication processing, the data block unit of B2 bits being n times the data block unit
of B1 bits.

The security communication packet processing method of claim 18 is recited as
comprising performing the encryption processing or the decryption processing to the
divided data blocks of B1 bits, and accumulating the encrypted data blocks and
outputting the data blocks when the amount of accumulated data blocks reaches B2 bits
(B2 = n × B1). The security communication packet processing method of claim 18 is also
recited as performing the authentication processing to the outputted data blocks
(encrypted data blocks) of B2 bits in parallel to the encryption processing or the
decryption processing, and outputting the authentication value indicating the result of the
authentication processing.

Mathews discloses a cryptography accelerator chip that performs parallel
processing of a packet of plain text which requires encryption processing and
authentication processing, where the authentication value needs to be encrypted. In
particular, Mathews discloses that the chip architecture includes an authentication
component 302 and an encryption (or decryption) component 352. The authentication
component 302 includes an authentication alignment block 304 which removes non-valid
bytes of a packet and packs and aligns data to be input into an authentication FIFO buffer
306 (see paragraph [0027]). Once 512 bits or a complete packet worth of data padded to
a multiple of 512 bits have been loaded into the authentication FIFO buffer 306, Mathews
discloses that the authentication value is then fed back into the encryption component
352. Specifically, the encryption alignment block 354 receives data for cryptography
processing from a front end source 301 and the feedback of the authentication value
outputted from the authentication engine 308 (see arrow 309 of Figure 3 and paragraphs
[0028]-[0029]).

Accordingly, for processing a packet or stream of data that requires both 
encryption processing and authentication processing, Mathews discloses that the 
authentication value must then be encrypted by the encryption alignment block 354. 
Furthermore, Mathews includes respective buffers in the stages prior to the authentication 
processing (FIFO 306) and the encryption processing (FIFO 356). In particular, Mathews 
requires a buffer of an authentication value size (512 bits) or larger (that is, larger than 
the encryption block size) in the stage prior to the encryption processing. 

In stark contrast to Mathews, claim 1 recites the security communication packet
processing apparatus as comprising at least one data block accumulation unit operable to
accumulate the data blocks to which the encryption processing has been performed by
the at least one encryption processing unit, and, when the amount of accumulated data
blocks reaches B2 bits (i.e., an integral multiple of a unit of data on which encryption
processing has been performed), output the data blocks to at least one authentication
processing unit. In addition, the security communication packet processing method of
claim 18 is recited as comprising performing the encryption processing or the decryption
processing to the divided data blocks of B1 bits, and accumulating the encrypted data
blocks and outputting the data blocks when the amount of accumulated data blocks
reaches B2 bits.

Therefore, in view of the above, Mathews clearly does not disclose or suggest 
each and every limitation, as Mathews discloses that for a packet or stream of data 
requiring encryption processing and authentication processing, the authentication value 
must be encrypted, and Mathews requires an authentication buffer (FIFO 306) to be 
larger than an encryption block data size. 

Furthermore, Mathews discloses a parallel processing method with regard to a
packet or stream of data that requires both encryption processing and authentication
processing, whereas the present invention employs a pipeline data processing method for
a packet that requires both encryption processing and authentication processing. In
addition, the apparatus and method of the present invention differ in effect from the
chip structure of Mathews, because the present invention provides a reduction of buffer
size in the processing in addition to high-speed processing, whereas Mathews merely
provides high-speed processing.

Accordingly, in view of the above, Mathews clearly does not disclose or suggest
a security communication packet processing apparatus comprising at least one data
block accumulation unit operable to accumulate the data blocks to which the encryption
processing has been performed by the at least one encryption processing unit, and, when
the amount of accumulated data blocks reaches B2 bits (i.e., an integral multiple of a unit
of data on which encryption processing has been performed), output the data blocks to at
least one authentication processing unit, as recited in claim 1. Similarly, Mathews clearly
does not disclose or suggest a security communication packet processing method
comprising performing the encryption processing or the decryption processing to the
divided data blocks of B1 bits, and accumulating the encrypted data blocks and outputting
the data blocks when the amount of accumulated data blocks reaches B2 bits, as recited
in claim 18.

Therefore, claims 1 and 18 are clearly not anticipated by Mathews since Mathews 
fails to disclose or suggest each and every limitation of claims 1 and 18. 

With respect to the rejection of claim 2, the Applicants note that the Examiner
referred to paragraph [0031] in alleging that Mathews discloses the processing performed
for a packet of the first type which requires both encryption and authentication
processing. However, paragraph [0031] of Mathews discloses the decryption process
performed by Mathews, where decrypted data is fed back to the authentication alignment
block 304 of the authentication component 302.

New dependent claim 20 recites that the data block accumulation unit may be
bypassed. Specifically, claim 20 recites that some of the data blocks (A) pass through the
data block accumulation unit and other data blocks (B) bypass the data block
accumulation unit (buffer) depending on the data block type. Thus, as recited in claim
20, the present invention provides that data blocks which do not need to be accumulated
by the data block accumulation unit bypass the data block accumulation unit, which
results in high-speed processing.

However, in Mathews, FIFO 306 (and FIFO 356) are always connected
immediately previous to the authentication engine 308 (and the cryptography engine 358)
(see paragraph [0024] and the authentication alignment 304 and the cryptography
alignment 354 in Figure 3). In other words, all the data blocks pass through the buffer in
Mathews. Accordingly, Mathews also fails to disclose or suggest the limitations recited
in claim 20.

New dependent claim 21 recites that data blocks are saved and restored via the
data block accumulation unit. Therefore, in the case where a higher priority data block is
inputted during the buffering of a data block, the processing order can be optimized so
that the higher priority data block is processed first. Mathews does not even contemplate
this feature of the present invention. Therefore, similar to claims 1, 18 and 20, Mathews
clearly does not disclose or suggest the invention of claim 21.

New dependent claim 22 recites that the suspended data block(s) can be passed on 
to another processing unit having an equivalent processing function. Therefore, the 
present invention makes it possible to reduce the number of processing units in a ready- 
for-processing state and thus achieve high-speed processing. Mathews also does not even 
contemplate this feature of the present invention. 

Accordingly, at least for the foregoing reasons, Mathews clearly does not disclose
or suggest each and every limitation of claims 1 and 18, as well as new claims 20-22.

On page 10 of the Office Action, claims 3-4, 7-8, 10-12 and 14-16 were rejected
under 35 U.S.C. § 103(a) as being unpatentable over Mathews in view of Videcrantz et
al. (U.S. Patent No. 6,275,588).

As demonstrated above, Mathews clearly fails to disclose or suggest each and
every limitation of claims 1 and 18, as well as new claims 20-22. Videcrantz et al. fails
to cure the deficiencies of Mathews with respect to each and every limitation of claims 1
and 18, as well as new claims 20-22.

Therefore, no obvious combination of Mathews and Videcrantz et al. would result 
in the inventions of claims 1 and 18 or any claims depending therefrom since Mathews 
and Videcrantz et al., either individually or in combination, fail to disclose or suggest 
each and every limitation of claims 1 and 18. 

Furthermore, it is submitted that the clear distinctions discussed above are such
that a person having ordinary skill in the art at the time the invention was made would not
have been motivated to modify Mathews and Videcrantz et al. in such a manner as to
result in, or otherwise render obvious, the present invention as recited in claims 1 and 18.
Therefore, it is submitted that claims 1 and 18, as well as claims 2-17 and 19-22
which depend therefrom, are clearly allowable over the prior art as applied by the
Examiner.

In view of the foregoing amendments and remarks, it is respectfully submitted 
that the present application is clearly in condition for allowance. An early notice thereof 
is respectfully solicited. 

If, after reviewing this Amendment, the Examiner feels there are any issues 
remaining which must be resolved before the application can be passed to issue, the 
Examiner is respectfully requested to contact the undersigned by telephone in order to 
resolve such issues. 



JRB/nrj/kjf 

Washington, D.C. 20006-1021 
Telephone (202) 721-8200 
Facsimile (202) 721-8250 
August 12, 2005 



Respectfully submitted,



Yuusaku OHTA et al.




Jonathan R. Bowser
Registration No. 54,574
Attorney for Applicants

Version with Marking to Show Changes Made

DESCRIPTION

SECURITY COMMUNICATION PACKET PROCESSING
APPARATUS AND THE METHOD THEREOF

BACKGROUND OF THE INVENTION
(1) Field of the Invention

The present invention relates to a security
communication packet processing apparatus for secret
communication by a data packet and the method therefor. More
specifically, the present invention relates to a technique for
speeding up and reducing delay in security ensuring processing.

(2) Description of the Prior Art

As a TCP/IP network such as the Internet has rapidly
become widespread in these years, various manners of net
businesses such as electronic music distribution and
shopping on the Web have been spotlighted and developed one
after another. Although it is the major premise of these kinds
of net businesses that a secure and credible business is
guaranteed between a service provider and a user, the Internet
is generally considered to be an insecure network because it is
always at risk of interception and pretence by a cracker.
Thus, network security techniques such as electronic
authentication, encryption of communication data and
a firewall have come into the picture. Although these
techniques have been realized mainly by software, a demand
for high-speed processing by hardware such as a cipher
processing chip and a cipher circuit board has increased in
preparation for a future broader band of communication
channels in TCP/IP infrastructures.



In a computer or a network connection device having a
security communication function such as IPSec (IP Security
Protocol Suite), conventional processing for a packet that
requires both encryption processing and authentication
processing is performed as shown in the flowchart of Fig. 1. For
a packet (such as an IP packet) that requires encryption
processing (Step 701), after a plaintext packet is first divided
into data blocks for the encryption processing (Step 702) and
the encryption processing of these data blocks is performed
(Step 703), they are reconstructed as an encrypted packet
(Step 704). Next, when the packet requires authentication
processing (Step 705), after the encrypted packet is divided
into data blocks for the authentication processing (Step 706)
and the authentication processing of these data blocks is
performed (Step 707), they are reconstructed as an
authentication-processed packet (Step 708).

However, according to the above-mentioned method,
packet construction processing needs to be performed twice
(Step 704 and Step 708 in Fig. 1) for the packet that requires
both the encryption processing and the authentication processing.
Therefore, there is a problem of slowing down (delay) of
processing, a decrease of throughput and an ineffective use of
an encryption processing unit or an authentication processing
unit when both the encryption processing and the
authentication processing are performed. Also, according to
this method, there is a problem that a plaintext packet that
should be processed by priority cannot be processed by priority
during the processing of another packet. Further, when only
one encryption processing unit and one authentication processing
unit are respectively mounted, there is a problem that it is
impossible to realize high-speed throughput by the
simultaneous processing of plural packets.






SUMMARY OF THE INVENTION

Accordingly, in light of the above-mentioned problems, a
first object of the present invention is to
provide a security communication packet processing apparatus
that makes it possible to speed up processing, reduce delay of
the processing, increase throughput and use the encryption
processing unit and the authentication processing unit
effectively when both the encryption processing and the
authentication processing are performed.
Also, a second object of the present invention is to
provide a security communication packet processing apparatus
that makes it possible to perform at least one of the encryption
(or decryption) processing and the authentication processing
for plural packets simultaneously and in parallel.
Further, a third object of the present invention is to
provide a security communication packet processing apparatus
with high processing efficiency that makes it possible to
perform the processing by using only a required processing unit
corresponding to a packet type among one or more encryption
processing units and authentication processing units.
In addition, a fourth object of the present
invention is to provide a security communication packet
processing apparatus that makes it possible to control the
priority processing of a packet for the encryption (including
decryption) processing and the authentication processing.

The above-mentioned first object may be achieved by the
security communication packet processing apparatus according
to the present invention that is a network connection device or
a computer having the security communication function. The
security communication packet processing apparatus of the
present invention comprises an encryption processing unit for
processing a data block for encryption processing, an
authentication processing unit for processing a data block for
authentication processing, and an encryption and
authentication processing control unit for outputting the data
block for the encryption processing and the information which
is necessary for the encryption processing to the encryption
processing unit, outputting the data block for the
authentication processing and the information which is
necessary for the authentication processing to the
authentication processing unit, and controlling the encryption
processing unit and the authentication processing unit. The
data blocks which were processed in the encryption processing
unit are accumulated until the accumulated amount thereof
reaches the smallest data block size for the authentication
processing. The security communication packet processing
apparatus also comprises a data block accumulation unit that
outputs the accumulated amount to the authentication
processing unit when the accumulated amount of data blocks
reaches the smallest data block size for the authentication
processing. The encryption processing unit performs the
processing of the data block for the next encryption processing
while the authentication processing unit is processing the data
block outputted from the data block accumulation unit, and the
data block accumulation unit accumulates the data block for the
next authentication processing. As a result, by making the data
block that is necessary and sufficient for the unit performing
the encryption processing or the authentication processing the
processing unit for a packet requiring both the encryption
processing and the authentication processing, the processing
delay is reduced, the throughput is improved, and the
encryption processing unit and the authentication processing
unit can be used effectively.

The above-mentioned second object may be achieved by
the security communication packet processing apparatus
according to the present invention, wherein the number of at
least one of the encryption processing unit and the
authentication processing unit is two or more, and the number
of the data block accumulation unit is equal to that of the
encryption processing unit. As a result, plural packets can be
processed in parallel, and the security processing with high
throughput can be realized.

The above-mentioned third object may be achieved by
the security communication packet processing apparatus
according to the present invention comprising a data path
connection switching unit that, according to a processing
command of the encryption and authentication processing
control unit, connects the output of the encryption and
authentication processing control unit and the input of the
encryption processing unit when the data block outputted from
the encryption and authentication processing control unit is the
data block for the encryption processing, connects the output
of the encryption and authentication processing control unit
and the input of the authentication processing unit when the
data block outputted from the encryption and authentication
processing control unit is the data block for the authentication
processing, connects the output of the encryption processing
unit and the input of the data block accumulation unit when the
data block processed in the encryption processing unit further
requires the authentication processing, and connects the
output of the data block accumulation unit and the input of the
authentication processing unit when the data accumulated in
the data block accumulation unit is ready for being outputted.
As a result, since the encryption processing unit, the data block
accumulation unit and the authentication processing unit do
not always need to correspond to each other one-to-one even
when there are plural encryption processing units and/or
authentication processing units, the data block requiring the
authentication processing after the encryption processing can
be outputted to an arbitrary data block accumulation unit, and
the output of the data block accumulation unit can be outputted
to an arbitrary authentication processing unit. Therefore, the
encryption processing unit, the data block accumulation unit
and the authentication processing unit can be used more
effectively, and the encryption processing unit and the
authentication processing unit can be easily replaced and the
number of them can be easily increased.

The above-mentioned fourth object may be achieved by
the security communication packet processing apparatus
according to the present invention, wherein, according to the
instructions of the encryption and authentication processing
control unit, a processing data saving unit for temporarily
saving the data block processed in the encryption processing
unit or the authentication processing unit and the data block
accumulated in the data block accumulation unit along with the
information on the data block is provided in a part of or all of
the encryption processing unit, the authentication processing
unit and the data block accumulation unit separately. As a
result, the packet can be processed according to the priority.

Also, in the security communication packet processing apparatus according to the present invention, the processing data saving unit for temporarily saving the data block processed in the encryption processing unit or the authentication processing unit and the data block accumulated in the data block accumulation unit along with the information on the data block according to the instructions of the encryption and authentication processing unit may be provided in common to (shared by) an arbitrary combination of the encryption processing unit, the authentication processing unit and the data block accumulation unit. As a result, since an arbitrary encryption processing unit, authentication processing unit or data block accumulation unit connected to the processing data saving unit can use the one and common processing data saving unit, an arbitrary encryption processing unit, authentication processing unit or data block accumulation unit connected to the processing data saving unit can restart the processing of the data block in the middle of the processing in the processing data saving unit. Accordingly, the above-mentioned fourth object can be achieved in a structure which is different from that of the above-mentioned security communication packet processing apparatus.

Here, in the above-mentioned security communication packet processing apparatus, the data block for the encryption processing can be 64 bits, and the data block for the authentication processing can be 512 bits. In this case, the data block accumulation unit may output the data blocks when it accumulates eight encrypted data blocks.

Note that the present invention can be realized as security communication packet processing methods in which the characteristic control units of the above-mentioned security communication packet processing apparatus are processing steps, or as a program for making a computer perform these processing steps. Further, the program can, of course, be distributed via a recording medium such as CD-ROM or a transmitting medium such as a communication network.
BRIEF DESCRIPTION OF THE DRAWINGS

These and other objects, advantages and features of the present invention will become more apparent from the following detailed description thereof taken in conjunction with the accompanying drawings which illustrate a specific embodiment of the invention. In the Drawings:

Fig. 1 is a flowchart showing a conventional processing procedure for a packet that requires both encryption processing and authentication processing.

Fig. 2 is a block diagram showing a structure of a security communication packet processing apparatus according to the first embodiment of the present invention.

Fig. 3 is a diagram describing the control of a data path in an encryption and authentication processing control unit.

Fig. 4A is a block diagram showing an example of a detailed structure of an encryption processing unit.

Fig. 4B is a diagram showing an example of the encryption (or the decryption) processing in a block encryption unit as shown in Fig. 4A.

Fig. 5A is a data flow diagram showing a function of a data block accumulation unit.

Fig. 5B is a flowchart showing a processing procedure in the data block accumulation unit.

Fig. 6A is a block diagram showing an example of a detailed structure of an authentication processing unit.

Fig. 6B is a diagram showing an outline of hash processing in a hash circuit as shown in Fig. 6A.

Fig. 7 is a diagram showing an operation timing of the encryption processing in the encryption processing unit and the authentication processing in the authentication processing unit.

Fig. 8 is a diagram showing an example of an application to a product of the security communication packet processing apparatus according to the first embodiment of the present invention.

Fig. 9A is a functional block diagram showing a structure of a security gateway as shown in Fig. 8.

Fig. 9B shows a protocol stack indicating the communication functions of the security gateway.

Fig. 10 is a block diagram showing a structure of the security communication packet processing apparatus according to the second embodiment of the present invention.

Fig. 11 is a flowchart showing an operation procedure of the security communication packet processing apparatus of the second embodiment.

Fig. 12 is a block diagram showing a structure of the security communication packet processing apparatus according to the third embodiment of the present invention.

Fig. 13 is a flowchart showing an operation procedure of the security communication packet processing apparatus of the third embodiment.

Fig. 14 is a block diagram showing a structure of the security communication packet processing apparatus according to the fourth embodiment of the present invention.

Fig. 15 is a flowchart showing an operation procedure of the security communication packet processing apparatus of the fourth embodiment.

Fig. 16 is a block diagram showing a structure of the security communication packet processing apparatus according to the fifth embodiment of the present invention.

Fig. 17 is a flowchart showing an operation procedure of the security communication packet processing apparatus of the fifth embodiment.

Fig. 18 is a block diagram of the security communication packet processing apparatus as an example of the variation.



DESCRIPTION OF THE PREFERRED EMBODIMENTS 

The following is an explanation of the embodiments of the present invention with reference to the drawings.
First Embodiment 

First, the security communication packet processing 
apparatus according to the first embodiment of the present 
invention will be explained. 
Fig. 2 is a block diagram showing a structure of a security communication packet processing apparatus 100 according to the first embodiment of the present invention. The security communication packet processing apparatus 100 according to the first embodiment performs in a block unit the encryption (including decryption) processing and the authentication processing required for a packet such as an inputted IP packet, reconstructs the processed packet as a packet and outputs the reconstructed packet. The security communication packet processing apparatus 100 is characterized by having an essential and fundamental structure that can complete both the encryption (including decryption) processing and the authentication processing by only one packet reconstruction processing, and comprises four circuit blocks which are connected in a fixed manner, that is, an encryption and authentication processing control unit 101, an encryption processing unit 102, a data block accumulation unit 103 and an authentication processing unit 104, and a packet construction unit 105.

Note that, according to the first embodiment, packets that are inputted to the encryption and authentication processing control unit 101 are classified into four types according to the type of processing which should be performed to the packets. The first type is a packet (a transmitting packet) which requires both the encryption processing and the authentication processing, the second type is a packet (a receiving packet) which requires both the decryption processing and the authentication processing, the third type is a packet which requires either the encryption processing or the decryption processing only, and the fourth type is a packet which requires the authentication processing only.

The encryption and authentication processing control unit 101 receives a packet which should be processed as well as information that is required for the processing of the packet (hereinafter referred to as "processing information") from the outside. Based on the received processing information, the encryption and authentication processing control unit 101 performs control of the other components 102-105 (that is, control of them to operate ON/OFF, etc.), and control of determining the data path. Further, the encryption and authentication processing control unit 101 divides a packet into data blocks for the encryption processing (or decryption processing) of B1 (64, for example) bits as a processing unit of the encryption processing unit 102, so as to output the B1 bits including the processing information thereof to the encryption processing unit 102, and divides a packet into data blocks for the authentication processing of B2 (512, for example) bits as a processing unit of the authentication processing unit 104, so as to output the B2 bits including the processing information thereof to the authentication processing unit 104.

"Processing information" here includes whether or not the encryption processing is to be performed, whether or not the authentication processing is to be performed, and which processing is to be performed, the encryption processing or the decryption processing. When the encryption processing is to be performed, the processing information includes an algorithm, key information and an IV (Initial Vector), and when the authentication processing is to be performed, the processing information includes an algorithm, necessary key information and an authentication value. Note that the cipher algorithm includes DES (Data Encryption Standard) and 3DES. Also, the authentication algorithm includes HMAC-MD5-96 and HMAC-SHA-1-96. Further, since a packet and its processing information are corresponded to each other by an identification number, etc., a mechanism is guaranteed not to confuse plural packets when they are inputted in sequence to the encryption and authentication processing control unit 101.

Fig. 3 is a diagram describing the control of a data path in the encryption and authentication processing control unit 101. When the encryption and authentication processing control unit 101 determines, based on the processing information, that a corresponding packet is a transmitting packet of the first type as mentioned above, that is, a packet that requires both encryption processing and authentication processing, the encryption and authentication processing control unit 101 controls the components 102-105 respectively so that a data flow is formed as shown in the data path diagram 111 of Fig. 3. In other words, the encryption processing performed by the encryption processing unit 102 and the authentication processing performed by the authentication processing unit 104 are sequentially performed to the packet in a unit of a data block. Accordingly, the result of the authentication processing (the authentication value) is inputted to the packet construction unit 105, and the result of the encryption processing by the encryption processing unit 102 (the encrypted data block) is inputted to the packet construction unit 105.

Also, when the encryption and authentication processing control unit 101 determines that a packet is a receiving packet of the second type as mentioned above, that is, a packet that requires both decryption processing and authentication processing, the encryption and authentication processing control unit 101 controls the components 102-105 respectively so that a data flow is formed as shown in the data path diagram 112 of Fig. 3. In other words, the decryption processing performed by the encryption processing unit 102 and the authentication processing performed by the authentication processing unit 104 are performed in parallel to the packet in a unit of a data block, and these results (that is, the decrypted data block and the authentication value) are inputted to the packet construction unit 105.

Also, when the encryption and authentication processing control unit 101 determines that a packet is the third type, that is, a packet that requires either encryption processing or decryption processing, the encryption and authentication processing control unit 101 controls the components 102-105 respectively so that a data flow is formed as shown in the data path diagram 113 of Fig. 3. In other words, the encryption processing or the decryption processing performed by the encryption processing unit 102 and the authentication processing performed by the authentication processing unit 104 are performed in parallel to the packet in a unit of a data block, and these results (that is, the encrypted or the decrypted data block and the authentication value) are inputted to the packet construction unit 105.

Further, when the encryption and authentication processing control unit 101 determines that a packet is the fourth type, that is, a packet that requires the authentication processing only, the encryption and authentication processing control unit 101 controls the components 102-105 so that a data flow is formed as shown in the data path diagram 114 of Fig. 3. In other words, the packet is forwarded to the packet construction unit 105, the authentication processing by the authentication processing unit 104 is performed to the packet in a unit of a data block, and the result (that is, the authentication value) is inputted to the packet construction unit 105.

The encryption processing unit 102, which is a circuit or the like that performs the block encryption and decryption according to a cipher algorithm such as DES and 3DES, performs the encryption processing to a data block for encryption (or decryption) processing of B1 bits transmitted from the encryption and authentication processing control unit 101 in a predetermined number of steps (a clock cycle), and outputs the result to the data block accumulation unit 103 or the packet construction unit 105 as the encrypted (or decrypted) data block.

Fig. 4A is a block diagram showing an example of a detailed structure of the encryption processing unit 102. The encryption processing unit 102 comprises an input block buffer 121 which stores an inputted data block for the encryption (or decryption) processing of B1 bits, a block encryption unit 122 which performs the block encryption (and decryption) and the processing of the key for the block encryption (and decryption), and an output block buffer 123 which stores the result of the encryption (or decryption) processing (that is, the encrypted (or the decrypted) data block of B1 bits).

Fig. 4B is a diagram showing an example of the encryption (or the decryption) processing in the block encryption unit 122 as shown in Fig. 4A. To a data block of B1 bits outputted from the input block buffer 121, fixed bit replacement (initial replacement), then scramble processing of 16 rounds determined by a key, and finally fixed bit replacement (final replacement) are performed. A secret key of K1 bits included in the processing information transmitted from the encryption and authentication processing control unit 101 is divided into 16 partial keys of K2 bits after certain processing for creating a key schedule is performed, and is used to take an exclusive OR with a data block in each corresponding scramble processing and to determine the processing details of bit replacement.

The data block accumulation unit 103 is a queue buffer or 
the like that accumulates encrypted data blocks outputted from 
the encryption processing unit 102, and outputs the data of B2 
bits to the authentication processing unit 104 as a data block 
for the authentication processing when the accumulated 
amount of encrypted data blocks reaches that of the data block 
(B2 bits) to which the authentication processing can be 
performed by the authentication processing unit 104. 

Fig. 5A is a data flow diagram showing a function of the data block accumulation unit 103. Here, the bit length B2 of the data block for the authentication processing which is inputted to the authentication processing unit 104 is n times the bit length B1 (= n x B1) of the encrypted data block which is outputted from the encryption processing unit 102. Fig. 5B is a flowchart showing a processing procedure that is performed in the data block accumulation unit 103. The data block accumulation unit 103, which is realized in a register file of B1 bit width with a counter, for example, repeats the processing (Steps 131-134) of resetting the counter (Step 131), accumulating encrypted data blocks outputted from the encryption processing unit 102 (Steps 132 and 133), and when the number of the data blocks reaches n (Step 133), outputting n encrypted data blocks to the authentication processing unit 104 as parallel data of B2 bits, for example (Step 134).

The authentication processing unit 104, which is a circuit or the like that performs the authentication processing (that is, the processing including the calculation of an ICV (Integrity Check Value) and verification of its integrity) according to an authentication algorithm such as HMAC-MD5-96 and HMAC-SHA-1-96, etc., performs the authentication processing to the data blocks of B2 bits for the authentication processing transmitted from the encryption and authentication processing control unit 101 or the data block accumulation unit 103 in a predetermined number of steps (a clock cycle), and outputs the result as the authentication value to the packet construction unit 105.

Fig. 6A is a block diagram showing an example of a detailed structure of the authentication processing unit 104. The authentication processing unit 104 comprises an input block buffer 141 that stores an inputted data block of B2 bits for the authentication processing, a hash circuit 142 that calculates a hash value of A (96, for example) bits for m pieces of data blocks for the authentication processing which constitute one packet by performing certain hash processing to the data block for the authentication processing transmitted from the input block buffer 141, and an authentication value output buffer 143 that stores the calculated hash value as the authentication value.

Fig. 6B is a diagram showing an outline of the hash processing performed in the hash circuit 142 as shown in Fig. 6A. The data block of B2 bits inputted to the input block buffer 141 is processed in a certain manner based on the authentication value of A1 bits which is stored by the hash circuit 142 at that time so as to update the authentication value of A1 bits. The data block of B2 bits inputted next is processed in a certain manner based on the hash value of A1 bits which was just previously updated so as to further update the authentication value of A1 bits which is stored by the hash circuit 142. This processing is repeated, and a part of the hash value of A1 bits which was updated for the last data block of B2 bits is used as the authentication value of A2 bits for this packet.

The packet construction unit 105 lines up the encrypted (or decrypted) data blocks outputted from the encryption processing unit 102 in a certain order according to the processing information or the like which is informed from the encryption and authentication processing control unit 101 so as to accumulate the encrypted (or decrypted) data blocks, and constructs a processed packet corresponding to one packet that is inputted to the encryption and authentication processing control unit 101 by incorporating the authentication value outputted from the authentication processing unit 104 into a predetermined location. More specifically, for a transmitting packet of the first type as mentioned above, an encrypted and authentication-processed packet in a predetermined format is reconstructed by accumulating the encrypted data blocks outputted from the encryption processing unit 102 as well as incorporating the authentication value outputted from the authentication processing unit 104. For a receiving packet of the second type as mentioned above, a decrypted and authentication-processed data block is reconstructed according to a predetermined format by accumulating the decrypted data blocks outputted from the encryption processing unit 102 as well as incorporating the authentication value outputted from the authentication processing unit 104. Likewise, for the third type packet, an encrypted (or decrypted) packet in a predetermined format is reconstructed by accumulating the encrypted (or decrypted) data blocks outputted from the encryption processing unit 102, and for the fourth type packet, a packet inputted to the security communication packet processing apparatus 100 is constructed as an authentication-processed packet according to a predetermined format.

Note that reconstruction of an encrypted data block includes reconstruction for a cipher payload prescribed by IPsec (ESP: Encapsulating Security Payload) in a format corresponding to a tunnel mode and a transport mode. Similarly, reconstruction of an authentication value includes reconstruction for an authentication header prescribed by IPsec (AH: Authentication Header) in a format corresponding to a tunnel mode and a transport mode. Packet types such as IPv4 and IPv6 are included, for example.

Next, the operation of the security communication packet processing apparatus 100 according to the first embodiment as structured above will be explained respectively in the cases where the above-mentioned four types of packets are inputted.

First, the processing process in the case where the first type packet, that is, a packet that requires both encryption processing and authentication processing, is inputted to the security communication packet processing apparatus 100 (the processing process corresponding to the data path diagram 111 in Fig. 3) will be explained.

As the first step, the encryption and authentication processing control unit 101 receives a packet which should be processed and the processing information thereof. The encryption and authentication processing control unit 101 judges from the processing information that the packet is a transmitting packet that requires both encryption processing and authentication processing, divides the packet into data blocks for the encryption processing, and sequentially transmits the data blocks along with the processing information thereof to the encryption processing unit 102.

As the second step, the encryption processing unit 102 receives the processing information and the data blocks for the encryption processing from the encryption and authentication processing control unit 101, determines from the processing information a cipher algorithm, a key, an IV and an encryption processing method which should be applied to the data block, and encrypts the data blocks for the encryption processing according to the processing method. Note that this may be realized so that plural cipher algorithms can be processed in the encryption processing unit 102. The encrypted data blocks are outputted to the packet construction unit 105 and, at the same time, outputted to the data block accumulation unit 103 along with the processing information necessary for the following authentication processing. Note that the encryption processing unit 102 performs the processing repeatedly each time the next data block for the encryption processing is inputted.

As the third step, the data block accumulation unit 103 successively accumulates the encrypted data blocks outputted from the encryption processing unit 102 until the amount of the accumulated encrypted data blocks reaches the data block size that is necessary for the authentication processing. When the accumulated encrypted data blocks reach the data block size that is necessary for the authentication processing, the data block accumulation unit 103 outputs them along with the processing information thereof to the authentication processing unit 104. The data block accumulation unit 103 judges the accumulation status, that is, whether the accumulated amount of the encrypted data blocks is equal to the data block size for the authentication, by counting the amount using an accumulated block counter or the like that the data block accumulation unit 103 has. Note that this may be realized in the method where the encryption and authentication processing control unit 101 has the accumulated block counter.

The data block accumulation unit 103 accumulates the next encrypted data block each time the next encrypted data block is inputted, repeats the judgment of whether the number of the accumulated encrypted data blocks reaches n pieces, and when the number of accumulated encrypted data blocks reaches n, outputs the accumulated encrypted data blocks to the authentication processing unit 104.

As the fourth step, the authentication processing unit 104 receives the encrypted data blocks for the authentication processing and the processing information thereof from the data block accumulation unit 103, performs the authentication processing according to the processing information, and calculates the authentication value. The output value of the authentication processing unit 104 is the authentication value of the packet which is now being processed.

The first through fourth steps as mentioned above are repeatedly applied to all the data blocks that require both encryption processing and authentication processing among transmitting packets that require both encryption processing and authentication processing.
Finally, as the fifth step, the packet construction unit 105 constructs an encrypted and authentication-processed packet corresponding to one packet that is inputted to the encryption and authentication processing control unit 101 by lining up the encrypted data blocks outputted from the encryption processing unit 102 in a predetermined order so as to accumulate them and incorporating the authentication value outputted from the authentication processing unit 104 into a predetermined location.

Fig. 7 is a diagram showing an operation timing of the encryption processing in the encryption processing unit 102 and the authentication processing in the authentication processing unit 104. Here, one packet is divided into m x n pieces of data blocks for the encryption processing, and n pieces of data blocks for the encryption processing (the encrypted data blocks) correspond to one data block for the authentication processing. Therefore, one packet is divided into m pieces of data blocks for the authentication processing. As shown in Fig. 7, encrypted data blocks to which the encryption processing is performed in the encryption processing unit 102 are accumulated in the data block accumulation unit 103 one by one. When n pieces of encrypted data blocks are accumulated in the data block accumulation unit 103, these n encrypted data blocks are taken from the data block accumulation unit 103 and transferred to the authentication processing unit 104, where the authentication processing is performed to them as the first data block for authentication processing. In this way, the encryption processing and the authentication processing are repeated in parallel. As a result, the encryption processing is performed to this one transmitting packet m x n times, and the authentication processing is performed m times. Note that since the length, encryption and authentication algorithms and others of the transmitting packet which is to be inputted to the security communication packet processing apparatus 100 are not fixed, the number of times of the encryption processing and the authentication processing can be dynamically determined based on the processing information accompanying the packet.
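The block-wise pipeline of the first through fifth steps above and the timing of Fig. 7, as an added software model that is not the applicant's code: B1 = 64-bit blocks are encrypted, accumulated eight at a time into B2 = 512-bit authentication blocks, and the ICV is updated while encryption of the next blocks continues, so a packet of m x n encryption blocks costs m x n encryption operations and m authentication operations and is reconstructed once. The block cipher is a constructed SHA-256 keystream stand-in (not DES/3DES), HMAC-SHA-1-96 is the authentication algorithm, and the ESP framing is reduced to appending the ICV; the receive path models data path 112, where the duplicated packet is decrypted and authenticated in parallel.

```python
"""Software model of the first embodiment's data path (added example, not
the applicant's code). Block cipher: constructed CTR-style keystream from
SHA-256, standing in for DES/3DES. Authentication: HMAC-SHA-1-96."""
import hashlib
import hmac

B1_BYTES = 8                  # 64-bit data block for the encryption processing
B2_BYTES = 64                 # 512-bit data block for the authentication processing
N = B2_BYTES // B1_BYTES      # eight encrypted blocks per authentication block
ICV_BYTES = 12                # HMAC-SHA-1-96: 96-bit authentication value


def encryption_unit(key: bytes, iv: bytes, index: int, block: bytes) -> bytes:
    """Hypothetical 64-bit block transform standing in for DES: XOR with a
    per-block pad, so the same call performs encryption and decryption."""
    assert len(block) == B1_BYTES
    pad = hashlib.sha256(key + iv + index.to_bytes(4, "big")).digest()[:B1_BYTES]
    return bytes(a ^ b for a, b in zip(block, pad))


class AccumulationUnit:
    """Queue buffer with a block counter (Steps 131-134 of Fig. 5B)."""

    def __init__(self) -> None:
        self.blocks: list = []            # Step 131: counter reset

    def push(self, encrypted_block: bytes):
        """Steps 132/133: accumulate; once n blocks are held, emit B2 bits (Step 134)."""
        self.blocks.append(encrypted_block)
        if len(self.blocks) < N:
            return None
        auth_block, self.blocks = b"".join(self.blocks), []
        return auth_block


class AuthenticationUnit:
    """Hash circuit 142: each B2-bit block updates the running HMAC state;
    the final value is truncated to 96 bits (HMAC-SHA-1-96)."""

    def __init__(self, auth_key: bytes) -> None:
        self.mac = hmac.new(auth_key, digestmod="sha1")

    def process(self, auth_block: bytes) -> None:
        assert len(auth_block) == B2_BYTES
        self.mac.update(auth_block)

    def authentication_value(self) -> bytes:
        return self.mac.digest()[:ICV_BYTES]


def process_transmit_packet(payload: bytes, enc_key: bytes, iv: bytes,
                            auth_key: bytes):
    """First-type packet (data path 111): encrypt each B1 block, hand it to
    the packet construction unit and to the accumulation unit, and run the
    authentication unit whenever n blocks are ready. Returns the
    reconstructed packet and the operation counts (m x n and m)."""
    assert len(payload) % B2_BYTES == 0, "control unit supplies m x n blocks"
    accumulator, auth = AccumulationUnit(), AuthenticationUnit(auth_key)
    construction: list = []               # packet construction unit 105
    enc_ops = auth_ops = 0
    for i in range(len(payload) // B1_BYTES):
        block = payload[i * B1_BYTES:(i + 1) * B1_BYTES]
        encrypted = encryption_unit(enc_key, iv, i, block)
        enc_ops += 1
        construction.append(encrypted)    # to unit 105 ...
        auth_block = accumulator.push(encrypted)   # ... and to unit 103
        if auth_block is not None:
            auth.process(auth_block)
            auth_ops += 1
    packet = b"".join(construction) + auth.authentication_value()
    return packet, {"encryption": enc_ops, "authentication": auth_ops}


def process_receive_packet(packet: bytes, enc_key: bytes, iv: bytes,
                           auth_key: bytes):
    """Second-type packet (data path 112): the control unit duplicates the
    packet; one copy is decrypted block by block, the other is authenticated
    in B2 blocks. Returns the decrypted payload and whether the ICV matched."""
    body, received_icv = packet[:-ICV_BYTES], packet[-ICV_BYTES:]
    auth = AuthenticationUnit(auth_key)
    for j in range(len(body) // B2_BYTES):
        auth.process(body[j * B2_BYTES:(j + 1) * B2_BYTES])
    decrypted = b"".join(
        encryption_unit(enc_key, iv, i, body[i * B1_BYTES:(i + 1) * B1_BYTES])
        for i in range(len(body) // B1_BYTES))
    icv_ok = hmac.compare_digest(received_icv, auth.authentication_value())
    return decrypted, icv_ok


def reference_icv(auth_key: bytes, ciphertext: bytes) -> bytes:
    """One-shot HMAC-SHA-1-96 over the whole ciphertext, to confirm that the
    block-wise pipeline yields the same authentication value."""
    return hmac.new(auth_key, ciphertext, "sha1").digest()[:ICV_BYTES]


if __name__ == "__main__":
    # Constructed sample: 128-byte payload, i.e. m = 2, n = 8 (16 encryptions).
    payload, enc_key, iv, auth_key = bytes(range(128)), b"k" * 8, b"i" * 8, b"a" * 20
    packet, stats = process_transmit_packet(payload, enc_key, iv, auth_key)
    print(stats, packet[-ICV_BYTES:] == reference_icv(auth_key, packet[:-ICV_BYTES]))
    print(process_receive_packet(packet, enc_key, iv, auth_key)[1])
```

Because the ICV is computed over the encrypted blocks, a receiver can reject a modified packet before any decrypted data leaves the construction unit, which is the encrypt-then-authenticate ordering the ESP data path above relies on.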

Next, the processing process in the case where the second type packet, that is, a receiving packet that requires both decryption processing and authentication processing, is inputted to the security communication packet processing apparatus 100 (the processing process corresponding to the data path diagram 112 in Fig. 3) will be explained.

As the first step, the encryption and authentication processing control unit 101 receives a packet which should be processed and the processing information thereof. The encryption and authentication processing control unit 101 judges from the processing information that the packet is a receiving packet that requires both decryption processing and authentication processing, and duplicates the packet. Then, the encryption and authentication processing control unit 101 divides one packet into data blocks for the decryption processing as a packet for the decryption processing and outputs the data blocks along with the processing information thereof to the encryption processing unit 102. Further, the encryption and authentication processing control unit 101 divides the other packet into data blocks for the authentication processing as a packet for the authentication processing and outputs the data blocks along with the processing information thereof to the authentication processing unit 104.

As the second step, the following two types of processing are performed in parallel. As the first processing, the encryption processing unit 102 decrypts the received data blocks based on the processing information thereof, and outputs the decrypted data blocks to the packet construction unit 105. As the second processing, the authentication processing unit 104 performs the authentication processing to the received data blocks for authentication processing, and calculates the authentication value.

The above-mentioned first and second steps are repeatedly applied to all the data blocks that require both decryption processing and authentication processing among the receiving packets that require both the decryption processing and the authentication processing.

Finally, as the third step, the packet construction unit 105 lines up the decrypted data blocks outputted from the encryption processing unit 102 in a predetermined order to accumulate them according to the processing information which is informed by the encryption and authentication processing control unit 101, and the packet construction unit 105 incorporates the authentication value outputted from the authentication processing unit 104 into a predetermined location so as to construct a decrypted and authentication-processed packet corresponding to one packet that is inputted to the encryption and authentication processing control unit 101.

Next, the processing procedure where the third type packet, 
that is, a packet that requires either the encryption processing 
or the decryption processing, is inputted to the security 
communication packet processing apparatus 100 (the processing 
procedure corresponding to the data path diagram 113 in Fig. 3) 
will be explained in detail. 

As the first step, the encryption and authentication 
processing control unit 101 receives a packet which should be 
processed and the processing information thereof. The 
encryption and authentication processing control unit 101 
judges from the processing information that the packet is a 
packet that requires the encryption processing or the 
decryption processing, divides the packet into data blocks for 
the encryption processing, and outputs the data blocks 
along with the processing information thereof to the encryption 
processing unit 102. 

As the second step, the encryption processing unit 102 
receives the data blocks for encryption processing and the 
processing information thereof, performs the encryption 
processing or the decryption processing according to the 
processing information, and outputs the encrypted or 
decrypted data blocks to the packet construction unit 105. 

The above-mentioned first and second steps are 
repeatedly applied to all the data blocks that require the 
encryption processing or the decryption processing among the 
packets that require either the encryption processing or the 
decryption processing. 

Finally, as the third step, the packet construction unit 105 
lines up the encryption (or decryption)-processed data blocks 
outputted from the encryption processing unit 102 in a 
predetermined order to accumulate them according to the 
processing information which is informed by the encryption and 
authentication processing control unit 101, and the packet 
construction unit 105 constructs an encryption (or 
decryption)-processed packet corresponding to one packet that 
is inputted to the encryption and authentication processing 
control unit 101. 

Next, the processing procedure where the fourth type 
packet, that is, a packet that requires the authentication 
processing only, is inputted to the security communication 
packet processing apparatus 100 (the processing procedure 
corresponding to the data path diagram 114 in Fig. 3) will be 
explained. 

As the first step, the encryption and authentication 
processing control unit 101 receives a packet which should be 
processed and the processing information thereof. The 
encryption and authentication processing control unit 101 
judges from the processing information that the packet is a 
packet that requires the authentication processing only, divides 
the packet into data blocks for the authentication processing, 
and outputs the data blocks along with the processing 
information thereof to the authentication processing unit 104. 

As the second step, the authentication processing unit 
104 receives the data blocks for the authentication processing 
and the processing information thereof, performs the 
authentication processing according to the processing 
information, and calculates the authentication value. 

The above-mentioned first and second steps are 
repeatedly applied to all the data blocks that require the 
authentication processing among the packets that require the 
authentication processing only. 

Finally, as the third step, the packet construction unit 
105 incorporates the authentication value outputted from the 
authentication processing unit 104 into the packet inputted to 
the security communication packet processing apparatus 100 
according to the processing information that is informed by the 
encryption and authentication processing control unit 101 so as 
to construct an authentication-processed packet corresponding 
to one packet that is inputted to the encryption and 
authentication processing control unit 101. 



As mentioned above, according to the security 
communication packet processing apparatus 100 of the 
first embodiment, a packet which is inputted to the security 
communication packet processing apparatus 100 is judged to 
determine which of the four types the inputted packet is, 
divided into data blocks of a required size, and encrypted (or 
decrypted) and authenticated so as to be restored to a 
processed packet by only one packet reconstruction. 

In other words, conventionally, encryption processing is 
first performed on a transmitting packet that requires both 
encryption processing and authentication processing to 
construct the packet as an encrypted packet, and then the 
processed packet is again divided into data blocks for the 
authentication processing to be authenticated, so the packet 
needs to be constructed twice, once after the encryption 
processing and once after the authentication processing, and the 
authentication processing unit 104 must wait until the encrypted 
data blocks are reconstructed as a packet. On the other hand, 
according to the first embodiment, the data block accumulation 
unit 103 is provided between the encryption processing unit 102 
and the authentication processing unit 104 so that data blocks 
of a size which is necessary and sufficient for the processing are 
always inputted to the encryption processing unit 102 and the 
authentication processing unit 104, and the divided packet is 
reconstructed only once for any security processing. That is, 
since the data block accumulation unit 103 accumulates 
encrypted data blocks until they reach the size of data block that 
is required for the authentication processing, and outputs the 
accumulated data blocks to the authentication processing 
unit 104, the input waiting time of the authentication 
processing unit 104 is drastically reduced compared with the 
conventional method. Accordingly, improvement of 
throughput, reduction of delay and speeding up of the security 
processing of the packet, as well as effective use of the 
encryption processing unit and the authentication processing 
unit, become possible. 
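The following Python model is added here as an illustration of the four data paths described above; it is not code from this specification or from the applicant. It assumes a 16-byte encryption data block (B1) and a 64-byte authentication data block (B2, so n = 4), uses a keystream derived from SHA-256 as a stand-in for the encryption processing unit 102 and HMAC-SHA256 as the authentication processing unit 104, and represents the processing information as a constructed dictionary. What it demonstrates is the point of the paragraph above: feeding the authentication unit from the data block accumulation unit one B2-sized block at a time gives the same authentication value as authenticating the reconstructed packet, so the packet construction unit 105 needs to assemble the packet only once.

```python
import hashlib
import hmac

B1 = 16   # encryption data block size (bytes), e.g. one AES block (assumption)
B2 = 64   # authentication data block size (bytes), the SHA-256 input block
N = B2 // B1   # n = 4 encryption blocks per authentication block

ENC_AUTH_TX, DEC_AUTH_RX, ENC_OR_DEC_ONLY, AUTH_ONLY = 1, 2, 3, 4


def classify(info):
    """Control unit 101: decide the packet type from the processing information
    (a constructed dict standing in for the security association lookup)."""
    if info["cipher"] and info["auth"]:
        return ENC_AUTH_TX if info["direction"] == "tx" else DEC_AUTH_RX
    if info["cipher"]:
        return ENC_OR_DEC_ONLY
    if info["auth"]:
        return AUTH_ONLY
    raise ValueError("packet needs no security processing")


def split(data, size):
    """Divide a packet into data blocks of the required size (last may be short)."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def cipher_block(block, key, counter):
    """Encryption processing unit 102 as a stand-in keystream cipher (assumption:
    a real block cipher in a streaming mode sits here). XOR is its own inverse."""
    ks = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()[:B1]
    return bytes(a ^ b for a, b in zip(block, ks))


class DataBlockAccumulationUnit:
    """Unit 103: gathers B1-sized cipher blocks until a B2-sized block exists."""
    def __init__(self):
        self.buf = b""

    def push(self, block):
        self.buf += block
        out = []
        while len(self.buf) >= B2:
            out.append(self.buf[:B2])
            self.buf = self.buf[B2:]
        return out

    def flush(self):
        """End of packet: release the short tail block, if any."""
        tail, self.buf = self.buf, b""
        return [tail] if tail else []


def process_packet(payload, info, enc_key, auth_key):
    """Push one packet through the data path selected by its type.
    Returns (processed body, authentication value); the body is joined once,
    which is the single reconstruction by packet construction unit 105."""
    ptype = classify(info)
    mac = hmac.new(auth_key, digestmod="sha256")   # authentication unit 104
    acc = DataBlockAccumulationUnit()
    out_blocks = []
    if ptype == ENC_AUTH_TX:
        # first type: encrypt block by block; unit 103 hands each completed
        # B2-sized block to unit 104, so no intermediate packet is built
        for i, blk in enumerate(split(payload, B1)):
            c = cipher_block(blk, enc_key, i)
            out_blocks.append(c)
            for ab in acc.push(c):
                mac.update(ab)
        for ab in acc.flush():
            mac.update(ab)
    elif ptype == DEC_AUTH_RX:
        # second type: the packet is duplicated; one copy is authenticated and
        # the other decrypted, independently (in parallel in hardware)
        for ab in split(payload, B2):
            mac.update(ab)
        for i, blk in enumerate(split(payload, B1)):
            out_blocks.append(cipher_block(blk, enc_key, i))
    elif ptype == ENC_OR_DEC_ONLY:
        # third type: only unit 102 is used
        for i, blk in enumerate(split(payload, B1)):
            out_blocks.append(cipher_block(blk, enc_key, i))
    else:
        # fourth type: only unit 104 is used; the body passes through unchanged
        for ab in split(payload, B2):
            mac.update(ab)
        out_blocks = [payload]
    body = b"".join(out_blocks)
    icv = mac.digest() if info["auth"] else b""
    return body, icv


def verify_icv(auth_key, body, icv):
    """Receiver-side check: the block-wise value must equal a one-shot HMAC over
    the whole body, which is what shows the accumulation unit changes nothing."""
    return hmac.compare_digest(hmac.new(auth_key, body, "sha256").digest(), icv)
```

A first-type packet processed by this model and then fed back as a second-type packet decrypts to the original payload and reproduces the same authentication value, and `verify_icv` confirms that the value computed from accumulated blocks matches a one-shot computation over the whole ciphertext.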

Fig. 8 is a diagram showing an example of an application 
to a product of the security communication packet processing 
apparatus 100 according to the first embodiment of the present 
invention. Here, an appearance of a security gateway 160 
which functions as a router and a firewall is illustrated. The 
security gateway 160 is a communication apparatus that 
securely interconnects a WAN 161, which is a public 
communication network such as the Internet, and a LAN 162, 
which is a private communication network connecting plural 
computers and others for in-house use. More specifically, this 
security gateway 160 is, for example, a gateway at the IP level 
conforming to the IPsec specifications disclosed in Requests 
For Comments 2401 to 2410 published by the IETF (Internet 
Engineering Task Force). To an IP packet that is outputted 
from the LAN 162 to the WAN 161, the encryption processing 
and the authentication processing, the encryption processing 
only, or the authentication processing only are performed 
according to need, while to an IP packet that is outputted from 
the WAN 161 to the LAN 162, the decryption processing and the 
authentication processing, the decryption processing only, or 
the authentication processing only are performed, so as to 
connect plural communication apparatus via the WAN 161 
through a secure communication path which can eliminate 
fraudulent practices such as interception or impersonation by a 
third party. 

Fig. 9A is a functional block diagram showing a structure 
of the security gateway 160 as shown in Fig. 8, and Fig. 9B 
shows a protocol stack indicating the communication functions 
of the security gateway 160. The security gateway 160 
comprises the security communication packet processing 
apparatus 100 of the first embodiment, which is realized by 
an LSI or the like, a WAN interface 165 which is a 
communication interface connected to the WAN 161, a LAN 
interface 166 which is a communication interface connected to 
the LAN 162, and a network controller 167 that converts data 
inputted and outputted via these two interfaces 165 and 166 
according to the protocol stack as shown in Fig. 9B, and 
controls the security communication packet processing 
apparatus 100 to perform the encryption (or the decryption) 
processing and the authentication processing on an IP packet. 
This security gateway 160 speeds up secret 
communication via the Internet. The communication speed and 
security of an Internet phone requiring real-time 
communication, of interactive communication such as 
electronic settlement, and of distribution of a digital work such as 
a moving image, for example, are dramatically improved. 

Note that, according to the security communication 
packet processing apparatus 100 of the first embodiment, 
the transfer of data between each component and the data path are 
determined and controlled under the control of the encryption 
and authentication processing control unit 101, but instead of 
this or in addition to this, the transfer of data among the 
encryption and authentication processing control unit 101, the 
encryption processing unit 102, the data block accumulation 
unit 103 and the authentication processing unit 104 may be 
realized, for example, by two-way handshaking between each 
processing unit. 

Also, the security communication packet processing 
apparatus 100 of the first embodiment may be realized by 
an LSI or an FPGA (Field Programmable Gate Array), or the 
encryption processing unit 102 and the authentication 
processing unit 104 may be realized by a DSP (Digital Signal 
Processor). 

Further, although the data block accumulation unit 103 is 
provided independently of the authentication processing unit 
104 in the first embodiment, the present invention is not 
always limited to this structure, and the data block 
accumulation unit 103 may be realized by being included in the 
authentication processing unit 104. 

Second Embodiment 

Next, the security communication packet processing 
apparatus according to the second embodiment of the present 
invention will be explained. 

Fig. 10 is a block diagram showing a structure of the 
security communication packet processing apparatus 200 
according to the second embodiment of the present invention. 
The security communication packet processing apparatus 200 
of the second embodiment is an example of an apparatus 
that has two or more encryption processing units and/or 
authentication processing units, and has the same number of 
data block accumulation units as encryption processing units. 
Here, the second embodiment has a structure in which a pair of 
combinations of one encryption processing unit, one data block 
accumulation unit and one authentication processing unit 
(hereinafter referred to as "a packet processing module") are 
arranged in parallel, that is, a structure corresponding to two 
units of the security communication packet processing 
apparatus 100 according to the first embodiment. More 
specifically, the security communication packet processing 
apparatus 200 comprises a first packet processing module 
including an encryption processing unit 202a, a data block 
accumulation unit 203a, an authentication processing unit 204a 
and a packet construction unit 205a, a second packet processing 
module including an encryption processing unit 202b, a data 
block accumulation unit 203b, an authentication processing 
unit 204b and a packet construction unit 205b, and an 
encryption and authentication processing control unit 201. 

Note that the encryption processing units 202a, 202b, 
the data block accumulation units 203a, 203b, the 
authentication processing units 204a, 204b, and the packet 
construction units 205a, 205b have the same functions as the 
encryption processing unit 102, the data block accumulation 
unit 103, the authentication processing unit 104 and the packet 
construction unit 105 according to the first embodiment, 
respectively. Further, ID numbers are allocated to the 
encryption processing units 202a, 202b, the authentication 
processing units 204a, 204b and the data block accumulation 
units 203a, 203b respectively so as to identify them uniquely. 
The second embodiment, particularly the points that are 
different from the first embodiment, will be explained as 
follows. 

The encryption and authentication processing control 
unit 201 has a control function to use the two packet 
processing modules effectively as resources, in addition to the 
functions of the encryption and authentication processing 
control unit 101 of the first embodiment. More specifically, the 
encryption and authentication processing control unit 201 keeps 
track of the processing status, such as whether the respective 
processing units 202a to 205a and 202b to 205b are performing 
processing (BUSY) or are ready for processing (READY), by 
receiving BUSY signals indicating that they are performing 
processing and READY signals indicating that they are ready for 
processing from the respective processing units. Here, when 
both of the two encryption processing units 202a and 202b are 
ready for processing, the encryption processing unit with the 
smallest ID number is used by priority. The same applies 
when the two authentication processing units are ready for 
processing at the same time. 

However, when the encryption processing is performed on 
a transmitting packet that requires both encryption processing 
and authentication processing (first type) in the encryption 
processing unit 202b, for example, the encryption and 
authentication processing control unit 201 controls so that the 
encrypted data blocks outputted from the encryption 
processing unit 202b are inputted to the authentication 
processing unit 204b after the encrypted data blocks are 
accumulated in the data block accumulation unit 203b and 
reconstructed in the packet construction unit 205b. That is, 
for a transmitting packet that requires both encryption 
processing and authentication processing, the data block 
accumulation unit, the authentication processing unit and the 
packet construction unit for the processing thereof are 
self-determined depending upon which encryption processing 
unit 202a or 202b performed the processing. In sum, 
encryption (or decryption) processing, accumulation of data 
blocks, authentication processing and reconstruction of a 
packet are performed by the processing units in the same 
packet processing module. 

Fig. 11 is a flowchart showing an operation procedure of 
the security communication packet processing apparatus 200. 
When the encryption and authentication processing control unit 
201 receives a packet that requires the encryption processing, 
the authentication processing or both the encryption and 
authentication processing, and the processing information 
thereof, the encryption and authentication processing control 
unit 201 specifies the encryption processing unit 202a or 202b 
which is ready for processing when the packet requires the 
encryption processing, and outputs the received packet (the 
divided data blocks) and the processing information thereof to 
the encryption processing unit 202a or 202b. On the other 
hand, when the packet requires the authentication processing 
only, the encryption and authentication processing control unit 
201 specifies the authentication processing unit 204a or 204b 
which is ready for processing, and outputs the packet (the 
divided data blocks) and the processing information thereof to 
the authentication processing unit 204a or 204b (Step 211). 
The following encryption (or decryption) processing and 
authentication processing are performed according to the 
method as described in the first embodiment, that is, the 
procedure along any of the four types of data paths 
depending upon the type of the packet (Step 212). 

As described above, according to the security 
communication packet processing apparatus 200 of the 
second embodiment, two or more encryption processing units 
and/or authentication processing units are provided, plural 
packets are allocated to the encryption processing units or the 
authentication processing units in an idle condition by the 
encryption and authentication processing control unit, and the 
encryption processing and authentication processing are 
performed on the plural packets in parallel. Therefore, the 
problem can be avoided that plural packets which require 
the encryption processing or the authentication processing are 
sequentially inputted to a single packet processing module 
which is in a ready-for-processing state and a 
transmission delay is caused, and thereby the transmission 
speed of secret communication is improved. 
Note that although, according to the second embodiment, 
a structure in which a pair of combinations of an encryption 
processing unit, an authentication processing unit and a data block 
accumulation unit are arranged in parallel is explained, the 
present invention is not always limited to the above-mentioned 
structure. A structure in which the encryption 
processing units and the authentication processing units are 
provided so that the sum of the processing performance of the 
encryption processing units is equal to that of the 
authentication processing units may be realized. In this case, 
the ratio of the number of the encryption processing units to 
the number of the authentication processing units is found as 
follows: the number of the encryption processing units : the 
number of the authentication processing units = nT1 : T2, when 
the size of a data block for the encryption processing is B1, the 
size of a data block for the authentication processing is B2 
(= nB1), the number of processing steps per one block of the 
encryption processing unit is T1, and the number of processing 
steps per one block of the authentication processing unit is T2. 
Note that B1, n, T1 and T2 are all natural numbers. 
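The following Python model is added as an illustration of two points of this second embodiment, the allocation of packets to READY units with lowest-ID priority and module affinity (Fig. 11, Step 211), and the unit-count ratio nT1 : T2 given just above; it is not code from this specification or from the applicant. It assumes that the "a" units form module 0 and the "b" units module 1, that BUSY/READY signals arrive as method calls naming the module and the unit, and, for second-type packets, that the authentication unit stays in the same module as the encryption unit, as the sentence beginning "In sum" states.

```python
from fractions import Fraction

ENC_AUTH_TX, DEC_AUTH_RX, ENC_OR_DEC_ONLY, AUTH_ONLY = 1, 2, 3, 4


class PacketProcessingModule:
    """One encryption unit, one accumulation unit, one authentication unit and one
    packet construction unit sharing a module ID. ID 0 stands for units
    202a/203a/204a/205a and ID 1 for the "b" units (assumed numbering)."""
    def __init__(self, module_id):
        self.id = module_id
        self.enc_busy = False
        self.auth_busy = False


class ControlUnit201:
    """Tracks BUSY/READY per unit and allocates packets to modules (Step 211)."""
    def __init__(self, n_modules=2):
        self.modules = [PacketProcessingModule(i) for i in range(n_modules)]

    def on_signal(self, module_id, unit, state):
        """Record a BUSY or READY signal from the encryption ('enc') or
        authentication ('auth') unit of one module."""
        if state not in ("BUSY", "READY") or unit not in ("enc", "auth"):
            raise ValueError((unit, state))
        setattr(self.modules[module_id], unit + "_busy", state == "BUSY")

    def allocate(self, ptype):
        """Return (encryption module ID, authentication module ID) for a packet.
        None in a slot means that unit is not needed, or nothing is READY now."""
        ready_enc = [m.id for m in self.modules if not m.enc_busy]
        ready_auth = [m.id for m in self.modules if not m.auth_busy]
        if ptype == AUTH_ONLY:
            return None, (min(ready_auth) if ready_auth else None)
        if not ready_enc:
            return None, None
        enc = min(ready_enc)      # smallest ID has priority when several are READY
        if ptype == ENC_OR_DEC_ONLY:
            return enc, None
        # first and second types: accumulation, authentication and construction
        # are self-determined by the encryption unit that did the work, so they
        # stay inside the same packet processing module
        return enc, enc


def unit_ratio(n, t1, t2):
    """Encryption units : authentication units = n*T1 : T2, in lowest terms, where
    B2 = n*B1 and T1, T2 are the processing steps per block of each unit type."""
    r = Fraction(n * t1, t2)
    return r.numerator, r.denominator


def throughput_balanced(n_enc, n_auth, n, t1, t2):
    """True when both sides move the same number of bytes per step:
    n_enc * B1 / T1 == n_auth * n * B1 / T2, i.e. n_enc * T2 == n_auth * n * T1."""
    return n_enc * t2 == n_auth * n * t1
```

With a 16-byte encryption block, a 64-byte authentication block (n = 4), T1 = 10 steps and T2 = 64 steps (sample figures, not taken from the specification), `unit_ratio(4, 10, 64)` gives 5 : 8, and `throughput_balanced(5, 8, 4, 10, 64)` confirms that five encryption units keep pace with eight authentication units.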

Third Embodiment 

Next, the security communication packet processing 
apparatus according to the third embodiment of the present 
invention will be explained. 
Fig. 12 is a block diagram showing a structure of the 
security communication packet processing apparatus 300 
according to the third embodiment of the present invention. 
The security communication packet processing apparatus 300 
of the third embodiment is an example of an 
apparatus which is characterized by having plural encryption 
processing units, plural data block accumulation units and 
plural authentication processing units, where the manner of 
connecting the processing units is not fixed and can be 
dynamically determined. The security communication packet 
processing apparatus 300 comprises one encryption and 
authentication processing control unit 301, one data path 
connection switching unit 302, two encryption processing units 
303a, 303b, two data block accumulation units 304a, 304b, two 
authentication processing units 305a, 305b, and one packet 
construction unit 306. 

Note that the encryption processing units 303a, 303b, 
the data block accumulation units 304a, 304b, the 
authentication processing units 305a, 305b, and the packet 
construction unit 306 have the same functions as those of the 
encryption processing unit 102, the data block accumulation 
unit 103, the authentication processing unit 104 and the packet 
construction unit 105 according to the first embodiment. 
Further, ID numbers are allocated to the encryption processing 
units 303a, 303b, the authentication processing units 305a, 
305b, and the data block accumulation units 304a, 304b 
respectively so as to identify them uniquely. The third 
embodiment, particularly the points that are different from the 
first embodiment, will be explained as follows. 

The data path connection switching unit 302 is a selector 
circuit or the like that, according to the control of the 
encryption and authentication processing control unit 301, can 
connect (or leave unconnected), respectively and independently: 
the output of the encryption and authentication processing 
control unit 301 and the input of the encryption processing unit 
303a or 303b; the output of the encryption and authentication 
processing control unit 301 and the input of the authentication 
processing unit 305a or 305b; the output of the encryption 
processing unit 303a and the input of the data block 
accumulation unit 304a or 304b; the output of the encryption 
processing unit 303b and the input of the data block 
accumulation unit 304a or 304b; the output of the data block 
accumulation unit 304a and the input of the authentication 
processing unit 305a or 305b; and the output of the data block 
accumulation unit 304b and the input of the authentication 
processing unit 305a or 305b. 

The encryption and authentication processing control 
unit 301 has a function to control the data path connection 
switching unit 302 so that only the necessary ones among the 
components are connected dynamically, in order to use the six 
components 303a, 303b, 304a, 304b, 305a and 305b 
effectively as resources, in addition to the functions of the 
encryption and authentication processing control unit 101 of 
the first embodiment. 

Fig. 13 is a flowchart showing an operation procedure of 
the security communication packet processing apparatus 
300. The encryption and authentication processing control 
unit 301 receives a packet which should be processed and the 
processing information thereof from the outside, judges the type 
of the packet, that is, the need for the encryption (or the 
decryption) processing and the authentication processing 
respectively, based on the contents of the processing 
information, and specifies the encryption processing unit 303a 
or 303b, the data block accumulation unit 304a or 304b, and 
the authentication processing unit 305a or 305b that can 
perform the necessary processing (or are ready for processing) 
(Step 311). 

Then, the encryption and authentication processing control 
unit 301 gives a connection command to the data path connection 
switching unit 302 so that each of the specified processing units 
is connected in the manner depending upon the packet type 
(Step 312). Here, the "connection command" may be 
something expressed by the ID number of each processing unit 
to be connected, or a control signal of a selector. When it 
is judged that the packet is a transmitting packet of the first 
type, the encryption and authentication processing control unit 
301 gives the data path connection switching unit 302 a 
command of connecting the output of the encryption and 
authentication processing control unit 301 and the input of the 
encryption processing unit 303b, a command of connecting the 
output of the encryption processing unit 303b and the input of 
the data block accumulation unit 304b, and a command of 
connecting the output of the data block accumulation unit 
304b and the input of the authentication processing unit 305b. 

On the other hand, when the connection is completed, 
the data path connection switching unit 302 outputs a READY 
signal indicating the completion of the connection to the 
encryption and authentication processing control unit 301 
(Step 313). 

When the encryption and authentication processing 
control unit 301 receives the READY signal, the encryption 
and authentication processing control unit 301 divides the 
packet to be processed into data blocks which are required for 
processing, and outputs the data blocks along with the 
processing information thereof to the specified processing units 
(303a, 303b, 305a or 305b) via the data path connection switching 
unit 302. Thereby, the necessary encryption (or decryption) 
processing, the necessary authentication processing and 
the reconstruction of the packet are performed according to the 
processing procedure as described in the first embodiment 
(Step 314). 
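The following Python model is added as an illustration of Steps 311 to 314, the data path connection switching unit 302 with the connections it can make, the connection commands the control unit 301 issues for each packet type, the READY signal, and the data flow that follows; it is not code from this specification or from the applicant. Port names such as "enc303b", the encoding of a connection command as a (source, destination) pair, and the READY flag are assumptions of this example. It also shows the failure mode a selector circuit must reject: a command for a path that the switch does not provide, such as an encryption unit wired directly to an authentication unit.

```python
ENC_AUTH_TX, DEC_AUTH_RX, ENC_OR_DEC_ONLY, AUTH_ONLY = 1, 2, 3, 4

# Connections the selector circuit can make, per the description of unit 302:
# control unit output -> any encryption or authentication unit input,
# encryption unit output -> any accumulation unit input,
# accumulation unit output -> any authentication unit input.
ALLOWED = set()
for a in "ab":
    ALLOWED.add(("ctrl301", f"enc303{a}"))
    ALLOWED.add(("ctrl301", f"auth305{a}"))
    for b in "ab":
        ALLOWED.add((f"enc303{a}", f"acc304{b}"))
        ALLOWED.add((f"acc304{a}", f"auth305{b}"))


class DataPathSwitch302:
    """Selector circuit: holds the current links and raises READY once wired."""
    def __init__(self):
        self.links = {}      # source port -> list of destination ports
        self.ready = False

    def connect(self, commands):
        """Apply connection commands (Step 312); reject any edge the selector
        cannot make; then raise the READY signal (Step 313)."""
        self.ready = False
        new = {}
        for src, dst in commands:
            if (src, dst) not in ALLOWED:
                raise ValueError(f"switch 302 has no path {src} -> {dst}")
            new.setdefault(src, []).append(dst)
        self.links = new
        self.ready = True
        return self.ready

    def forward(self, src, payload):
        """Deliver a data block from one port to whatever it is connected to."""
        if not self.ready:
            raise RuntimeError("control unit must wait for READY before sending")
        return [(dst, payload) for dst in self.links.get(src, [])]


def connection_commands(ptype, enc, acc, auth):
    """Commands for one packet, given the READY units chosen in Step 311
    (enc/acc/auth are port names such as 'enc303b')."""
    if ptype == ENC_AUTH_TX:
        return [("ctrl301", enc), (enc, acc), (acc, auth)]
    if ptype == DEC_AUTH_RX:
        return [("ctrl301", enc), ("ctrl301", auth)]   # duplicated packet, two paths
    if ptype == ENC_OR_DEC_ONLY:
        return [("ctrl301", enc)]
    if ptype == AUTH_ONLY:
        return [("ctrl301", auth)]
    raise ValueError(ptype)


def route_packet(switch, ptype, enc, acc, auth, blocks):
    """Steps 312 to 314: connect, wait for READY, then push the data blocks from
    the control unit; returns the ports each block reached, in order. The model
    traces connectivity only, not the block sizes each unit works on."""
    switch.connect(connection_commands(ptype, enc, acc, auth))
    trace = []
    for blk in blocks:
        pending = switch.forward("ctrl301", blk)
        while pending:
            dst, data = pending.pop(0)
            trace.append(dst)
            pending.extend(switch.forward(dst, data))   # next hop, if any
    return trace
```

For a first-type packet the trace per block is the chain control unit, encryption unit, accumulation unit, authentication unit; for a second-type packet the control unit feeds the encryption unit and the authentication unit side by side, which is the duplicated packet of the first embodiment expressed as two simultaneous connections. Because the accumulation unit may belong to either module, `enc303a` feeding `acc304b` is a legal wiring, which is exactly the flexibility the fixed modules of the second embodiment lack.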

Next, the detailed operations for the four types of packets as 
described in the first embodiment when they are inputted to the 
security communication packet processing apparatus 300 will 
be explained by packet type. 

First, the processing procedure when the first type 
packet, that is, a transmitting packet that requires both 
encryption processing and authentication processing, is 
inputted to the security communication packet processing 
apparatus 300 is explained. As the first step, the encryption 
and authentication processing control unit 301 receives a 
packet to be processed and the processing information thereof, 
judges that the received packet is a transmitting packet that 
requires both encryption processing and authentication 
processing based on the contents of the processing information, 
and judges which of the encryption processing units, the data 
block accumulation units and the authentication processing 
units are ready for processing according to the method as 
described in the second embodiment. 

Here, when the encryption processing unit 303b, the data 
block accumulation unit 304b and the authentication 
processing unit 305b are ready for processing, for example, the 
encryption and authentication processing control unit 301, as 
the second step, gives the data path connection switching unit 
302 a command of connecting the output of the encryption and 
authentication processing control unit 301 and the input of the 
encryption processing unit 303b, a command of connecting the 
output of the encryption processing unit 303b and the input of 
the data block accumulation unit 304b, and a command of 
connecting the output of the data block accumulation unit 304b 
and the input of the authentication processing unit 305b. 

On the other hand, as the third step, the data path 
connection switching unit 302 connects the respective 
processing units according to the given connection commands, 
and after completing the connection, the data path 
connection switching unit 302 outputs a READY signal 
indicating the completion of the connection to the encryption 
and authentication processing control unit 301. 

As the fourth step, when the encryption and 
authentication processing control unit 301 receives the READY 
signal from the data path connection switching unit 302, the 
encryption and authentication processing control unit 301 
divides the packet to be processed into data blocks for the 
encryption processing, and outputs the data blocks along 
with the processing information thereof to the encryption 
processing unit 303b. The following processing is performed 
according to the processing method for a transmitting packet of 
the first type as described in the first embodiment. 

Next, the processing procedure where a 
packet of the second type, that is, a receiving packet that 
requires both decryption processing and authentication 
processing, is inputted to the security communication packet 
processing apparatus 300 is explained. As the first step, the 
encryption and authentication processing control unit 301 
receives a packet to be processed and the processing 
information thereof, judges that the packet is a receiving packet 
that requires both decryption processing and authentication 
processing based on the contents of the processing information, 
and judges which of the encryption processing units and the 
authentication processing units are ready for processing. 

Here, when the encryption processing unit 303b and the 
authentication processing unit 305b are ready for processing, 
for example, the encryption and authentication processing control 
unit 301, as the second step, gives the data path connection 
switching unit 302 a command of connecting the output of the 
encryption and authentication processing control unit 301 and 
the input of the encryption processing unit 303b and a 
command of connecting the output of the encryption and 
authentication processing control unit 301 and the input of the 
authentication processing unit 305b. 

As the third step, the data path connection switching unit 
302 connects the encryption and authentication processing 
control unit 301 and the encryption processing unit 303b, and 
the encryption and authentication processing control unit 301 
and the authentication processing unit 305b according to the 
given connection commands. After completing the 
connection, the data path connection switching unit 302 
outputs a READY signal to the encryption and authentication 
processing control unit 301. 

As the fourth step, the encryption and authentication 
processing control unit 301 duplicates the packet in the same 
manner as that described in the first embodiment, divides one 
packet into data blocks for the encryption processing to output 
them to the encryption processing unit 303b, and divides the 
other packet into data blocks for the authentication processing 
to output them to the authentication processing unit 305b. 
The following processing is performed according to the 
processing method for a packet of the second type as described 
in the first embodiment. 

Next, the processing procedure where the 
third type packet, that is, a packet that requires either 
encryption processing or decryption 
processing, is inputted to the security communication packet 
processing apparatus 300 is explained. As the first step, the 
encryption and authentication processing control unit 301 
receives a packet to be processed and the processing 
information thereof, judges that the received packet is a packet 
that requires either encryption processing or decryption 
processing based on the contents of the processing information, 
and judges which encryption processing unit is ready for 
processing. 

Here, when the encryption processing unit 303b is ready 
for processing, for example, the encryption and authentication 
processing control unit 301, as the second step, gives the data 
path connection switching unit 302 a command of connecting the 
output of the encryption and authentication processing control 
unit 301 and the input of the encryption processing unit 303b. 

As the third step, the data path connection switching unit 
302 connects the encryption and authentication processing 
control unit 301 and the encryption processing unit 303b 
according to the given connection command. After completing 
the connection, the data path connection switching unit 302 
outputs a READY signal to the encryption and authentication 
processing control unit 301. 

As the fourth step, the encryption and authentication 
processing control unit 301 divides the packet into data blocks 
for the encryption processing to output the data blocks to the 
encryption processing unit 303b. The following processing is 
performed according to the processing method for a packet of 
the third type as described in the first embodiment. 

Finally, the processing in the case where the fourth type 
packet, that is, a packet that requires only the authentication 
processing, is inputted to the security communication packet 
processing apparatus 300 is explained. As the first step, the 
encryption and authentication processing control unit 301 
receives a packet to be processed and the processing 
information thereof, judges that the received packet is a 
packet that requires the authentication processing based on 
the contents of the processing information, and judges which 
authentication processing unit is ready for processing. 

Here, when the authentication processing unit 305b is 
ready for processing, for example, the encryption and 
authentication processing control unit 301, as the second step, 
gives the data path connection switching unit 302 a command of 
connecting the output of the encryption and authentication 
processing control unit 301 and the input of the authentication 
processing unit 305b. 
As the third step, the data path connection switching unit 
302 connects the encryption and authentication processing 
control unit 301 and the authentication processing unit 305b 
according to the given connection command. After completing 
the connection, the data path connection switching unit 302 
outputs a READY signal to the encryption and authentication 
processing control unit 301. 

As the fourth step, the encryption and authentication 
processing control unit 301 divides the packet into data blocks 
for the encryption processing to output the data blocks to the 
authentication processing unit 305b. The following processing 
is performed according to the processing method for a packet of 
the fourth type as described in the first embodiment. 

As described above, according to the security 
communication packet processing apparatus 300 of the third 
embodiment, by providing the data path connection switching 
unit 302 for connecting respective processing units via various 
paths, a flexible structure is realized so that an encryption 
processing unit can input data blocks to an arbitrary data block 
accumulation unit which is ready for processing and a data block 
accumulation unit can input data blocks to an arbitrary 
authentication processing unit which is ready for processing, 
because a set of one encryption processing unit, one data block 
accumulation unit and one authentication processing unit is not 
always occupied fixedly. That is, since the encryption 
processing unit, the data block accumulation unit and the 
authentication processing unit can be combined flexibly, they 
can be effectively used. Further, such operations can be easily 
realized as providing plural encryption processing units and 
authentication processing units, or replacing the encryption 
processing unit mounting an encryption algorithm with the 
encryption processing unit mounting another encryption 
algorithm. 

Fourth Embodiment 

Next, the security communication packet processing 
apparatus according to the fourth embodiment of the present 
invention will be explained. 

Fig. 14 is a block diagram showing a structure of the 
security communication packet processing apparatus 400 
according to the fourth embodiment of the present invention. 
The security communication packet processing apparatus 400 
according to the fourth embodiment comprises a structure in 
which six saving areas (or processing data saving units), which 
are respectively connected to two encryption processing units, 
two data block accumulation units and two authentication units, 
are added to the security communication packet processing 
apparatus 300 according to the third embodiment. In other 
words, the security communication packet processing 
apparatus 400 comprises one encryption and authentication 
processing control unit 401, one data path connection 
switching unit 402, two encryption processing units 403a and 
403b, two data block accumulation units 404a and 404b, two 
authentication processing units 405a and 405b, six processing 
data saving units 406a, 406b, 406c, 406d, 406e and 406f, and 
one packet construction unit 407. The fourth embodiment, 
particularly the points that are different from the third 
embodiment, will be explained as follows. 

The six processing data saving units 406a, 406b, 
406c, 406d, 406e and 406f are memories or the like having 
storage areas just for temporarily saving all of the data that are 
being processed in the corresponding encryption processing 
units 403a, 403b, the data block accumulation units 404a, 404b, 
and the authentication processing units 405a, 405b, 
respectively. 

Note that, although, according to the fourth embodiment, 
the encryption and authentication processing control unit 401 
receives four types of the packets and the processing 
information thereof as described in the first embodiment, the 
processing information is supposed to include the information 
on the priority of processing the packets. "The information on 
the priority" is expressed by figures, for example. These 
figures are allocated corresponding to the information of the 
Type of Service (ToS) bits included in an IP header, for example. 
The encryption and authentication processing control 
unit 401 performs processing for allocating resources (that is, 
the encryption processing unit, the data block accumulation 
unit and the authentication processing unit) depending upon 
the priority of the inputted packet, in addition to the functions 
of the encryption and authentication processing control unit 
301. More specifically, when all the resources which are 
required for the encryption (or the decryption) processing and 
the authentication processing are being occupied when the 
packet is inputted, the encryption and authentication 
processing control unit 401 specifies the resource which is 
processing the packet with the lowest priority among them and 
saves the processing data thereof in the processing data saving 
unit so as to release the resource. In other words, the 
encryption and authentication processing control unit 401 
performs control so that the packet with higher priority is 
processed earlier. 

Fig. 15 is a flowchart showing an operation procedure of 
the security communication packet processing apparatus 400. 

The encryption and authentication processing control 
unit 401 receives a packet to be processed and the processing 
information thereof, and then judges whether or not the 
processing unit required for the processing of the packet is 
ready for processing based on the processing information 
(Step 411). As a result, when the required processing unit is 
ready for processing ("Yes" in Step 411), the encryption and 
authentication processing control unit 401 outputs the data 
blocks and the processing information thereof to the processing 
unit and makes the processing unit proceed with the processing 
(Step 412) according to the processing process of the third 
embodiment (Steps 311-314 in Fig. 13) in the following. 

On the other hand, when all the processing units which 
are required for the processing of the packet are being occupied 
("No" in Step 411), the encryption and authentication 
processing control unit 401 gives the processing unit which is 
processing the packet with the lowest priority a command of 
saving the data in the middle of processing in the processing 
data saving unit that is connected to this processing unit 
(Step 413). When the processing unit which is processing the 
packet with the lowest priority receives the saving command, 
the processing unit saves the data in the middle of processing 
and the processing information thereof in the processing data 
saving unit, and after completing the saving, the processing 
unit outputs a READY signal to the encryption and 
authentication processing control unit 401 (Step 414). 

When the encryption and authentication processing 
control unit 401 receives the READY signal, the encryption 
and authentication processing control unit 401 outputs data 
blocks and the processing information thereof to the processing 
unit, and makes the processing unit proceed with the 
processing (Step 415) according to the processing process of 
the third embodiment (Steps 311-314 in Fig. 13) in the 
following. After all the processing for the packet which was 
processed by priority is completed, the processing unit reads 
out the data in the middle of processing from the processing 
data saving unit and restarts the processing for the packet 
(Step 416). 

As described above, according to the security 
communication packet processing apparatus 400 of the fourth 
embodiment, the processing data saving units 406a, 406b, 
406c, 406d, 406e and 406f are provided in addition to the 
structure of the third embodiment. Therefore, control of 
processing packets by priority becomes possible in addition to 
the effects as described in the third embodiment. 

Note that although the processing data saving units are 
respectively provided for all the encryption processing units, 
the data block accumulation units and the authentication 
processing units, the present invention is not always limited 
to the above structure. The processing data saving units may 
be provided for all the encryption processing units only, for 
example. That is, the processing data saving units may be 
provided respectively for arbitrary processing units. Also, the 
fourth embodiment can be applied to the security 
communication packet processing apparatus 200 according to 
the second embodiment. The processing in this case can be 
realized in the same manner as the above. 
Further, according to the fourth embodiment, when 
all the required processing units are being occupied when a 
packet is inputted to the encryption and authentication 
processing control unit 401, the processing unit which is 
processing the packet with the lowest priority among the 
packets in the middle of processing is released compulsorily 
regardless of the priority of the inputted packet, but the 
correlation with the priority of the inputted packet may be 
added as a condition of releasing. That is, the processing unit 
which is processing the packet with the lower priority than that 
of the inputted packet and the lowest priority among the 
packets in the middle of processing may be released 
compulsorily, for example. 

Further, as a parameter for determining the processing 
unit which is to be released compulsorily, not only the priority 
of a packet but also a packet size, the number of steps which 
are required for processing, the number of remaining steps 
until the processing of the packets in the middle of the 
processing is completed and so on may be used. 
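The priority-based resource allocation of Fig. 15 (Steps 411-416) and the variant release condition described just above, as an added simulation that is not part of the specification: each processing unit has a dedicated saving unit holding one parked packet, the priority figure is assumed to be larger for more urgent packets, and a packet that cannot be placed is reported as deferred (a case the specification does not cover).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    pid: str
    priority: int   # ToS-derived figure; larger means more urgent (assumed convention)
    steps: int      # processing steps still needed to finish this packet


@dataclass
class ProcessingUnit:
    """One resource (e.g. encryption processing unit 403a) with its dedicated
    processing data saving unit (e.g. 406a), which holds at most one parked packet."""
    name: str
    current: Optional[Packet] = None
    saved: Optional[Packet] = None

    def save_and_release(self) -> str:
        # Steps 413-414: park the in-flight packet in the saving unit, free the
        # resource and report READY to the control unit.
        assert self.current is not None and self.saved is None
        self.saved, self.current = self.current, None
        return "READY"

    def step(self) -> Optional[Packet]:
        # Advance one step; when the prioritised packet finishes, read the parked
        # packet back out of the saving unit and resume it (Step 416).
        if self.current is None:
            return None
        self.current.steps -= 1
        if self.current.steps > 0:
            return None
        done, self.current, self.saved = self.current, self.saved, None
        return done


class ControlUnit:
    """Encryption and authentication processing control unit 401."""

    def __init__(self, units: List[ProcessingUnit], require_lower_priority: bool = False):
        self.units = units
        # Variant from the end of the embodiment: only release a unit whose
        # packet has strictly lower priority than the newcomer.
        self.require_lower_priority = require_lower_priority

    def dispatch(self, pkt: Packet) -> Tuple[Optional[str], str]:
        # Step 411: is a required unit ready?  If so, hand the packet over (Step 412).
        for u in self.units:
            if u.current is None:
                u.current = pkt
                return u.name, "direct"
        # Step 413: choose the unit running the lowest-priority packet.  A unit whose
        # saving unit already holds a packet cannot park a second one (assumption).
        candidates = [u for u in self.units if u.saved is None]
        if not candidates:
            return None, "deferred"
        victim = min(candidates, key=lambda u: u.current.priority)
        if self.require_lower_priority and victim.current.priority >= pkt.priority:
            return None, "deferred"
        if victim.save_and_release() == "READY":   # Step 414
            victim.current = pkt                    # Step 415
        return victim.name, "preempted"


def run_demo(require_lower_priority: bool = False):
    """Constructed scenario: two units, four packets; returns dispatch log and completion order."""
    units = [ProcessingUnit("403a"), ProcessingUnit("403b")]
    ctrl = ControlUnit(units, require_lower_priority)
    log = [ctrl.dispatch(Packet("A", 1, 3)),
           ctrl.dispatch(Packet("B", 1, 3)),
           ctrl.dispatch(Packet("C", 5, 2)),   # urgent: pre-empts A on 403a
           ctrl.dispatch(Packet("D", 1, 1))]   # equal priority: pre-empts B only unconditionally
    order = []
    for _ in range(20):
        for u in units:
            finished = u.step()
            if finished is not None:
                order.append(finished.pid)
        if all(u.current is None for u in units):
            break
    return log, order


if __name__ == "__main__":
    print(run_demo())
    print(run_demo(require_lower_priority=True))
```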

Fifth Embodiment 

Next, the security communication packet processing 
apparatus according to the fifth embodiment of the present 
invention will be explained. 

Fig. 16 is a diagram showing a structure of the security 
communication packet processing apparatus 500 according to 
the fifth embodiment of the present invention. The security 
communication packet processing apparatus 500 according to 
the fifth embodiment comprises a structure in which a data 
saving area (a processing data saving unit) which is common to 
(shared by) two encryption processing units, two data block 
accumulation units and two authentication processing units is 
added to the security communication packet processing 
apparatus 200 according to the second embodiment. In other 
words, the security communication packet processing 
apparatus 500 comprises the packet processing module 
including an encryption processing unit 502a, a data block 
accumulation unit 503a, an authentication processing unit 
504a and a packet construction unit 506a, the packet 
processing module including an encryption processing unit 
502b, a data block accumulation unit 503b, an authentication 
processing unit 504b and a packet construction unit 506b, an 
encryption and authentication processing control unit 501, and 
a processing data saving unit 505. 

The processing data saving unit 505 is a memory or the 
like that is connected to the encryption processing units 502a 
and 502b, the data block accumulation units 503a and 503b, 
and the authentication processing units 504a and 504b, and 
has a memory area just for temporarily saving all of the data in 
the middle of processing in these processing units. 

Note that although, according to the fifth embodiment, 
the encryption and authentication processing control unit 501 
receives four types of packets as described in the first 
embodiment and the processing information thereof in the 
same manner as the fourth embodiment, the processing 
information is supposed to include the information on the 
priority of processing the packets. 

The encryption and authentication processing control 
unit 501 performs processing for allocating resources (packet 
processing modules) depending upon the priority of the 
inputted packet, in addition to the functions of the encryption 
and authentication processing control unit 201 according to the 
second embodiment. More specifically, when all the resources 
which are required for the encryption (or the decryption) 
processing and the authentication processing are being 
occupied when the packet is inputted, the encryption and 
authentication processing control unit 501 specifies the 
resource which is processing the packet with the lowest priority 
among them and saves the data in the middle of processing in 
the processing data saving unit 505 so as to release the 
resource. In other words, the encryption and authentication 
processing control unit 501 performs control so that the packet 
of the higher priority is processed earlier. 

Fig. 17 is a flowchart showing an operation procedure of 
the security communication packet processing apparatus 500. 
First, the encryption and authentication processing control unit 
501 receives a packet to be processed and the processing 
information thereof, and then judges whether or not the 
processing unit which is required for the processing of the 
packet is ready for processing based on the processing 
information (Step 511). As a result, when the required 
processing unit is ready for processing ("Yes" in Step 511), the 
encryption and authentication processing control unit 501 
outputs data blocks and the processing information thereof to 
the processing unit and makes the processing unit proceed with 
the processing (Step 512) according to the processing process 
of the second embodiment (Steps 211-212 in Fig. 11) in the 
following. 

On the other hand, when all the processing units which 
are required for the processing of the packet are being occupied 
("No" in Step 511), the encryption and authentication 
processing control unit 501 gives the processing unit which is 
processing the packet with the lowest priority a command of 
saving the data in the middle of processing along with an 
address of a saving destination in the processing data saving 
unit 505 (Step 513). When the processing unit receives the 
command of saving, the processing unit saves the data in the 
middle of processing and the processing information thereof in 
the specified address of the processing data saving unit 505, 
and after completing the saving, the processing unit outputs 
a READY signal to the encryption and authentication processing 
control unit 501 (Step 514). 

When the encryption and authentication processing 
control unit 501 receives the READY signal, the encryption 
and authentication processing control unit 501 outputs data 
blocks and the processing information thereof to the processing 
unit, and makes the processing unit proceed with the 
processing (Step 515) according to the processing process of 
the second embodiment (Steps 211-212 in Fig. 11) in the 
following. After all the processing for the packet which was 
processed by priority is completed or other processing units 
reach a ready-for-processing state, the processing unit reads 
out the saved data in the middle of processing from the 
processing data saving unit 505 and restarts the processing for 
the packet (Step 516). 

As described above, according to the security 
communication packet processing apparatus 500 of the fifth 
embodiment, the processing data saving unit 505 shared by the 
encryption processing units 502a and 502b, the data block 
accumulation units 503a and 503b and the authentication 
processing units 504a and 504b is provided in addition to the 
structure of the second embodiment. Therefore, in addition to 
the effects as described in the second embodiment, not only 
control of processing packets by priority becomes possible, but 
also a more effective use of the processing data saving unit 
becomes possible than in the fourth embodiment in which the 
processing data saving unit is provided so as to be dedicated to 
each processing unit. 

Note that although, according to the fifth embodiment, 
the processing data saving unit is provided so as to be common 
to (shared by) all of the encryption processing units, the data 
block accumulation units and the authentication processing 
units, the present invention is not always limited to the above 
structure. The processing data saving unit may be provided 
for all the encryption processing units only, for example. 
That is, the processing data saving unit may be provided so as 
to be common to an arbitrary combination of the processing 
units. 

Also, the technique for sharing the data saving area 
according to the fifth embodiment can be applied to the 
security communication packet processing apparatus 300 
according to the third embodiment. More specifically, like the 
security communication packet processing apparatus 600 as 
shown in Fig. 18, a data saving area (a processing data saving 
unit 606) shared by encryption processing units 602a and 602b, 
data block accumulation units 603a and 603b and 
authentication processing units 604a and 604b may be added. 
In this case, an encryption and authentication processing 
control unit 601 gives a data path connection switching 
unit 602 a command of connecting the processing unit as a 
destination of saving the data in the middle of processing and 
the processing data saving unit 606 so as to make it possible to 
save the data. 

As shown in the above-mentioned five embodiments of 
the present invention, since a processing unit for performing 
both encryption (or decryption) processing and authentication 
processing is a data block size which is necessary and sufficient 
for the processing according to the present invention, speeding 
up and reducing delay of the encryption processing and the 
authentication processing can be realized, as compared with 
the prior art in which a processing unit is a packet. 
Also, when both encryption processing and 
authentication processing are performed according to the 
present invention, the data blocks after the encryption 
processing are accumulated until they reach the size of the data 
blocks which is necessary and sufficient for the authentication 
processing, and the authentication processing is performed 
when the accumulated data blocks become equal to the size of 
the data blocks for the authentication processing. Therefore, 
the present invention can contribute to the saving of memory 
resources for buffering the data blocks after the encryption 
processing. 
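The B1-bit encryption block, B2 = n x B1 accumulation and parallel authentication described above and in the abstract, as an added simulation that is not part of the specification: B1 is assumed to be 16 bytes and n = 4, so B2 is the 64-byte SHA-256 compression block, the authentication unit is HMAC-SHA256, and the encryption unit is a stand-in keystream XOR (SHA-256 of key and block counter) in place of a real 128-bit block cipher; packets are assumed to be a whole number of B1 blocks, since padding is not covered by the specification.

```python
import hashlib
import hmac
from typing import Tuple

B1 = 16          # encryption block size in bytes (128 bits, assumed)
N = 4
B2 = N * B1      # authentication block size: 64 bytes, the SHA-256 compression-block size
TAG_LEN = 32


class EncryptionUnit:
    """Encryption processing unit (102): transforms one B1-byte block at a time.
    Stand-in cipher: XOR with SHA-256(key || counter); XOR makes decryption identical."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def process(self, block: bytes) -> bytes:
        assert len(block) == B1
        ks = hashlib.sha256(self.key + self.counter.to_bytes(8, "big")).digest()[:B1]
        self.counter += 1
        return bytes(a ^ b for a, b in zip(block, ks))


class AuthenticationUnit:
    """Authentication processing unit (104): HMAC-SHA256 fed in B2-byte units."""
    def __init__(self, key: bytes):
        self.mac, self.calls = hmac.new(key, digestmod="sha256"), 0

    def process(self, chunk: bytes) -> None:
        self.calls += 1
        self.mac.update(chunk)

    def value(self) -> bytes:
        return self.mac.digest()


class AccumulationUnit:
    """Data block accumulation unit (103): buffers encrypted blocks and releases
    them to the authentication unit once exactly B2 bytes have accumulated."""
    def __init__(self, auth: AuthenticationUnit):
        self.auth, self.buf, self.peak = auth, b"", 0

    def accept(self, block: bytes) -> None:
        self.buf += block
        self.peak = max(self.peak, len(self.buf))   # records buffer memory actually needed
        if len(self.buf) == B2:
            self.auth.process(self.buf)
            self.buf = b""

    def flush(self) -> None:
        # Final short unit when the packet is not a multiple of B2 (assumed behaviour).
        if self.buf:
            self.auth.process(self.buf)
            self.buf = b""


def process_packet(packet: bytes, enc_key: bytes, auth_key: bytes) -> Tuple[bytes, int, int]:
    """Control unit (101) + packet construction unit (105): split into B1 blocks,
    encrypt each, accumulate, authenticate, then emit ciphertext || tag.
    Returns (output packet, peak accumulation-buffer size, authentication calls)."""
    if len(packet) % B1:
        raise ValueError("packet must be a whole number of B1-byte blocks")
    enc, auth = EncryptionUnit(enc_key), AuthenticationUnit(auth_key)
    acc = AccumulationUnit(auth)
    out = []
    for i in range(0, len(packet), B1):
        c = enc.process(packet[i:i + B1])
        out.append(c)        # to the packet construction unit
        acc.accept(c)        # to the accumulation unit, in parallel
    acc.flush()
    return b"".join(out) + auth.value(), acc.peak, auth.calls


def verify_and_decrypt(data: bytes, enc_key: bytes, auth_key: bytes) -> bytes:
    """Receiving side (third-type packet path): check the tag over the whole
    ciphertext in constant time, then decrypt block by block."""
    body, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(auth_key, body, "sha256").digest()):
        raise ValueError("authentication failed")
    dec = EncryptionUnit(enc_key)
    return b"".join(dec.process(body[i:i + B1]) for i in range(0, len(body), B1))
```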

Also, since two or more encryption processing units 
and/or authentication processing units are provided according 
to the present invention, simultaneous processing of plural 
packets becomes possible and the throughput of the security 
processing of the packets can thereby be improved. 

Further, according to the present invention, by providing 
the data path connection switching unit, the encryption 
processing unit, the data block accumulation unit and the 
authentication processing unit need not always be 
corresponded fixedly even when there are plural encryption 
processing units and/or authentication processing units. That 
is, since the data blocks requiring the authentication 
processing after the encryption processing can be outputted to 
an arbitrary data block accumulation unit, and the output of the 
data block accumulation unit can be outputted to an arbitrary 
authentication processing unit, there are effects that more 
effective use of the encryption processing unit, the data block 
accumulation unit and the authentication processing unit 
becomes possible and the encryption processing unit and the 
authentication processing unit can be easily replaced and the 
number of them can be easily increased. 

Further, by providing the processing data saving unit, the 
packet processing is not always performed in the order that the 
packets are inputted to the security communication packet 
processing apparatus, and the processing order can be 
manipulated according to the packet priority and others. 

Still further, according to the present invention, since an 
arbitrary encryption processing unit or authentication 
processing unit that shares the processing data saving unit and 
is ready for processing can process the data block to be 
processed when there is any in the processing data saving unit, 
by sharing the processing data saving unit in an arbitrary 
combination of the encryption processing units, the 
authentication processing units and the data block 
accumulation units, a more effective use of the encryption 
processing unit and the authentication processing unit 
becomes possible. 

Although the security communication packet processing 
apparatus according to the present invention was explained 
based on the five embodiments, the present invention is not 
limited to these embodiments. 

That is, other embodiments of various manners can be 
realized by combining features of these five embodiments. 
For example, the security communication packet processing 
apparatus in which the processing data saving units are 
connected dedicatedly to the respective processing units 202a, 
202b, 203a, 203b, 204a and 204b of the security 
communication packet processing apparatus 200 as shown in 
Fig. 10 can be realized by applying the feature of the fourth 
embodiment (that is, providing the processing data saving unit 
for each processing unit) to the second embodiment. 
Further, the security communication packet processing 
apparatus according to the second through fifth embodiments 
as well as the first embodiment can, of course, be incorporated 
in a communication device such as a security gateway and a 
computer device. 

INDUSTRIAL APPLICABILITY 

The security communication packet processing apparatus 
according to the present invention is applicable to a 
communication relay station that connects various 
communication networks, a security gateway that functions as 
a router and a firewall, and a communication device that 
securely connects a WAN that is a public network such as the 
Internet and a LAN that is a non-public network that connects 
plural computers for in-house use. 
ABSTRACT 

A security communication packet processing apparatus (100) 
includes an encryption processing unit (102) that performs 
encryption processing and decryption processing in a data block 
unit of B1 bits, an authentication processing unit (104) that 
performs authentication processing in a data block unit of 
B2 (= n × B1) bits in parallel to the encryption processing or 
decryption processing in the encryption processing unit (102) 
and outputs an authentication value, a data block accumulation 
unit (103) that accumulates the data blocks from the encryption 
processing unit (102) and outputs the data blocks to the 
authentication processing unit (104) when the accumulated 
amount of the data blocks reaches B2 bits, a packet construction 
unit (105) that reconstructs a packet with the data blocks from 
the encryption processing unit (102) and the authentication 
value from the authentication processing unit (104), and a 
processing control unit (101) that divides the inputted packet 
into the data blocks of B1 bits and outputs the data blocks 
sequentially to the encryption processing unit. 